TPI-Abuse
2025-02-03 21:24:21
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 03 16:24:16.759134 2025] [security2:error] [pid 652:tid 652] [client 98.159.226.245:26933] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||barnesandbrower.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/bak/sql.sql"] [unique_id "Z6E0APihcOoluAm_7iLd4QAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-02-02 22:23:37
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 02 17:23:33.267694 2025] [security2:error] [pid 15662:tid 15662] [client 98.159.226.245:2071] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nationalenq.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nationalenq.com"] [uri "/backup/www.sql"] [unique_id "Z5_wZVqgxSCcU2ViPMYhtQAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
backslash
2025-02-01 22:15:07
(1 week ago)
block ruleset 6A1105329D233F6F53B9B61CE056BD4DAAE75AB4
Web Spam
TPI-Abuse
2025-01-31 14:48:20
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 31 09:48:14.197492 2025] [security2:error] [pid 31173:tid 31173] [client 98.159.226.245:12783] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||portfolioboosterllc.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "portfolioboosterllc.com"] [uri "/restore/wallet.dat"] [unique_id "Z5ziruH3bu7QStgjVDIrNgAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Progetto1
2025-01-25 19:37:03
(2 weeks ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
TPI-Abuse
2025-01-21 10:51:14
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 21 05:51:07.524940 2025] [security2:error] [pid 30576:tid 30576] [client 98.159.226.245:8287] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||csgohub.gg|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "csgohub.gg"] [uri "/backups/backup.sql"] [unique_id "Z498G_2lPc54DRDkpSkmNAAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-21 06:01:20
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 21 01:01:15.240872 2025] [security2:error] [pid 7806:tid 7806] [client 98.159.226.245:62171] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/backup/dump.sql"] [unique_id "Z484K1qlKGNrXdcbux4KSwAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
oncord
2025-01-18 02:18:23
(3 weeks ago)
Form spam
Web Spam
diego
2025-01-10 19:14:24
(4 weeks ago)
Events: TCP SYN Discovery or Flooding, Seen 5 times in the last 10800 seconds
DDoS Attack
TPI-Abuse
2025-01-06 13:28:10
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 06 08:28:06.345714 2025] [security2:error] [pid 22653:tid 22653] [client 98.159.226.245:58033] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cvgandhes.investments"] [uri "/bak/sftp-config.json"] [unique_id "Z3vaZg216wWBU8FJuRDt0wAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-04 17:11:47
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 04 12:11:43.178508 2025] [security2:error] [pid 14403:tid 14403] [client 98.159.226.245:16087] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcoinsubscribers.com"] [uri "/.env"] [unique_id "Z3lrzwAZn5kHf2i1EUKdkwAAAB0"] show less
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2025-01-03 12:11:14
(1 month ago)
Too many Status 40X (13)
Brute-Force
Web App Attack
TPI-Abuse
2024-12-30 17:30:58
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 30 12:30:52.073984 2024] [security2:error] [pid 1235:tid 1235] [client 98.159.226.245:36037] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcointradingsquare.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointradingsquare.com"] [uri "/restore/sql.sql"] [unique_id "Z3LYzExEbTx7TrdXAl9xzQAAABo"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-29 06:53:58
(1 month ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2024-12-26 18:11:18
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 26 13:11:12.854595 2024] [security2:error] [pid 17520:tid 17523] [client 98.159.226.245:50183] [client 98.159.226.245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.fishrapper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/old/mysql.sql"] [unique_id "Z22cQMfLO-aM8Kg5dJ-T6gAAAQE"] show less
Brute-Force
Bad Web Bot
Web App Attack