TPI-Abuse
2024-10-12 17:16:54
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 13:16:48.381148 2024] [security2:error] [pid 30082:tid 30082] [client 82.180.145.186:63519] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||bikiniadvice.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "bikiniadvice.com"] [uri "/wp-content/plugins/apikey/apikey.php"] [unique_id "ZwqvALw4AmlYWij6nhMxVQAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-12 17:04:58
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-12 16:57:54
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 12:57:48.165052 2024] [security2:error] [pid 25687:tid 25687] [client 82.180.145.186:51919] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.petsdogtraining.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.petsdogtraining.com"] [uri "/plugins/content/apismtp/apismtp.php.suspected"] [unique_id "ZwqqjH2cotm-Se5RFb2QiQAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
2000cn.com.au
2024-10-12 16:23:48
(1 month ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-12 15:56:35
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 11:56:27.950098 2024] [security2:error] [pid 24702:tid 24702] [client 82.180.145.186:56523] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.stoneybluff.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.stoneybluff.com"] [uri "/plugins/content/apismtp/apismtp.php.suspected"] [unique_id "ZwqcK4_123Qd_Vcq6e7KMQAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-12 15:21:17
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 11:21:11.677692 2024] [security2:error] [pid 5074:tid 5074] [client 82.180.145.186:51749] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.calogerolawfirm.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.calogerolawfirm.com"] [uri "/plugins/content/apismtp/apismtp.php.suspected"] [unique_id "ZwqT52PlmB3EhwEKwO-n9AAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Countryman
2024-10-12 15:16:51
(1 month ago)
IPS detection: ALFA.TEaM.Web.Shell
Hacking
TPI-Abuse
2024-10-12 14:50:51
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 10:50:47.410630 2024] [security2:error] [pid 24043:tid 24043] [client 82.180.145.186:65376] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||arellasoc.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "arellasoc.com"] [uri "/plugins/content/apismtp/apismtp.php.suspected"] [unique_id "ZwqMx2Z7PfFuQ5aEleZLfAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
sthoyer.de
2024-10-12 14:49:41
(1 month ago)
82.180.145.186 - - [12/Oct/2024:16:49:38 +0200] "POST /wp-plain.php HTTP/1.1" 302 794 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [12/Oct/2024:16:49:38 +0200] "POST /ALFA_DATA/alfacgiapi/perl.alfa HTTP/1.1" 302 794 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [12/Oct/2024:16:49:39 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 302 794 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Web App Attack
TPI-Abuse
2024-10-12 14:33:06
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 10:33:01.230061 2024] [security2:error] [pid 17164:tid 17164] [client 82.180.145.186:56624] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||coopermountaindental.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "coopermountaindental.com"] [uri "/sohpotle.php"] [unique_id "ZwqInVDJapnlrGNcSd1uhwAAAAk"], referer: www.google.com
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-10-12 14:31:30
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack
TPI-Abuse
2024-10-12 14:06:18
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 82.180.145.186 (vmi2200755.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 10:06:14.734188 2024] [security2:error] [pid 31511:tid 31511] [client 82.180.145.186:58344] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.realclean.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.realclean.net"] [uri "/wp-content/plugins/apikey/apikey.php.suspected"] [unique_id "ZwqCVhlE5PfGLCai3aM5IQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
Andrew J Hughes
2024-10-12 13:51:31
(1 month ago)
$f2bV_matches
Web App Attack
Anonymous
2024-10-12 13:51:09
(1 month ago)
Excessive 404 Traffic Wordpress
Web App Attack
SOC [GOLINE SA]
2024-10-12 13:00:03
(1 month ago)
FortiGate detected IPS attempt
Hacking