TPI-Abuse
2024-10-07 12:17:39
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 07 08:17:25.623124 2024] [security2:error] [pid 12632:tid 12632] [client 85.203.47.56:25409] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wethepeoplealliance.network|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wethepeoplealliance.network"] [uri "/backups/wallet.dat"] [unique_id "ZwPRVQyeT8rnQv_WIAn9HQAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-25 19:27:30
(2 weeks ago)
Account archive download attempts
Hacking
Brute-Force
oncord
2024-09-21 23:09:23
(2 weeks ago)
Form spam
Web Spam
Anonymous
2024-09-21 17:11:59
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
backslash
2024-09-20 13:30:11
(3 weeks ago)
block ruleset 6A1105329D233F6F53B9B61CE056BD4DAAE75AB4
Web Spam
TPI-Abuse
2024-08-08 08:20:39
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 04:20:24.894857 2024] [security2:error] [pid 27750:tid 27758] [client 85.203.47.56:43727] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.fishrapper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/backup/www.sql"] [unique_id "ZrR_yLXFmU3PrB1b6-7ODAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-08 03:44:13
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 23:43:59.910419 2024] [security2:error] [pid 10592:tid 10592] [client 85.203.47.56:8521] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ccbank.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ccbank.net"] [uri "/sql.sql"] [unique_id "ZrQ-_5bLwaimP9-lrjzAUgAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-28 08:31:28
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 28 04:31:14.566492 2024] [security2:error] [pid 9025] [client 85.203.47.56:59453] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||otrantocapital.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "otrantocapital.com"] [uri "/old/mysql.sql"] [unique_id "Zn500lWVxxz3qWokc0fM_wAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-05-21 00:48:03
(4 months ago)
HEAD http://techtronicgambia.com/bak/backup.tar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
oncord
2024-04-27 09:38:38
(5 months ago)
Form spam
Web Spam
MAGIC
2024-04-27 07:03:43
(5 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-04-27 03:44:55
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-17 12:35:44
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 17 08:35:29.571088 2024] [security2:error] [pid 32375] [client 85.203.47.56:26937] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoincasting.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoincasting.com"] [uri "/back/www.sql"] [unique_id "Zh_CES1z-ODWJVHRGv77zQAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-17 04:17:17
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 17 00:17:04.945191 2024] [security2:error] [pid 25211] [client 85.203.47.56:14401] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gcigmbh.com"] [uri "/back/sftp-config.json"] [unique_id "ZfZuwJM3HA37q32mB9embgAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-02-14 02:15:37
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 85.203.47.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 13 21:15:24.239661 2024] [security2:error] [pid 3358] [client 85.203.47.56:8977] [client 85.203.47.56] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcointoolshop.com"] [uri "/old/sftp-config.json"] [unique_id "ZcwiPMLn3uZ0h7KfTCpIUwAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack