MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 91.230.225.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 09:03:32.308271 2024] [security2:error] [pid 31706:tid 31706] [client 91.230.225.51:34865] [client 91.230.225.51] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||intercotrading.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "intercotrading.com"] [uri "/backup/sql.sql"] [unique_id "Z1WnNJ18nZ-rmKF5tei17QAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 91.230.225.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 13:11:00.572637 2024] [security2:error] [pid 9861:tid 9861] [client 91.230.225.51:16661] [client 91.230.225.51] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||barnesandbrower.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/backup/www.sql"] [unique_id "Z1SPtA4kfyu6mSyBHdvv3wAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Dolphi
|
|
POST //xmlrpc.php
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 91.230.225.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 14 21:47:49.965761 2024] [security2:error] [pid 29080] [client 91.230.225.51:31599] [client 91.230.225.51] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ourhotmail.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ourhotmail.com"] [uri "/backups/backup.sql"] [unique_id "ZmzyxaIHnp4jRg-MkMb16gAAAAs"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 91.230.225.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 24 06:18:21.213820 2024] [security2:error] [pid 13081] [client 91.230.225.51:33235] [client 91.230.225.51] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||thegoldentether.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thegoldentether.com"] [uri "/backup/www.sql"] [unique_id "ZlBpbdiX5MFv3k_wAcdvAwAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
paratodos.pro
|
|
Form spam
|
Email Spam
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 91.230.225.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 10 09:42:32.205306 2024] [security2:error] [pid 14706:tid 47036772714240] [client 91.230.225.51:15953] [client 91.230.225.51] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||blastfuturepress.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blastfuturepress.com"] [uri "/backups/sql.sql"] [unique_id "ZceLWMVfPANY-I1ULJuZigAAANE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Staging
|
|
Automated report (2023-10-27T20:15:07+03:00). Caught probing for unsecured backup files.
|
Hacking
|
|
niceshops.com
|
|
Web Attack ([18/May/2023:13:35:23.588] GET /wp-login.php)
|
Web App Attack
|
|
Anonymous
|
|
SQL injection, multiple attempts.
|
SQL Injection
|
|
10dencehispahard SL
|
|
Suspicious activity detected by Modsecurity [Application attack SQLI]
|
Hacking
SQL Injection
Web App Attack
|
|