TPI-Abuse
2025-02-03 07:05:25
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 03 02:05:21.521397 2025] [security2:error] [pid 4173:tid 4173] [client 98.159.226.246:52797] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||secureonebank.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "secureonebank.net"] [uri "/backup/www.sql"] [unique_id "Z6BqsRqjfFvX8qVsTBFPQAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-02-01 21:00:21
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 01 16:00:15.955113 2025] [security2:error] [pid 30157:tid 30157] [client 98.159.226.246:25461] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "localteaching.network"] [uri "/old/sftp-config.json"] [unique_id "Z56LX5wLQqY2dmZ2S0nwOQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-29 08:56:27
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 29 03:56:24.042268 2025] [security2:error] [pid 19020:tid 19020] [client 98.159.226.246:12423] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/backup/mysql.sql"] [unique_id "Z5ntOGnqlAYawyYyL3syCgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
Progetto1
2025-01-25 19:37:03
(2 weeks ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
diego
2025-01-22 04:55:12
(2 weeks ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
TPI-Abuse
2025-01-21 18:54:24
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 21 13:54:16.875331 2025] [security2:error] [pid 26331:tid 26331] [client 98.159.226.246:28555] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mpaexchangeinc.com"] [uri "/back/sftp-config.json"] [unique_id "Z4_tWJ14fOTs-G1tmkq4nQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
oncord
2025-01-21 18:26:24
(2 weeks ago)
Form spam
Web Spam
Anonymous
2025-01-14 00:47:44
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2025-01-05 16:08:56
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 05 11:08:48.974246 2025] [security2:error] [pid 4159971:tid 4159971] [client 98.159.226.246:50815] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "linuxforpoets.com"] [uri "/back/sftp-config.json"] [unique_id "Z3qukD12n7jApkFR1MbhtwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-05 01:40:13
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2025-01-04 05:36:22
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 04 00:36:16.910428 2025] [security2:error] [pid 7954:tid 7954] [client 98.159.226.246:56609] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usbea.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/old/dump.sql"] [unique_id "Z3jI0HPW4_n4KEEvU4u1zQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-02 00:00:59
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 01 19:00:51.717771 2025] [security2:error] [pid 18944:tid 18944] [client 98.159.226.246:1891] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uppermotradingco.com"] [uri "/backup/sftp-config.json"] [unique_id "Z3XXM_70Anh89ROvagcpzgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-29 06:40:17
(1 month ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2024-12-25 02:05:27
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-22 14:01:26
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 22 09:01:19.307226 2024] [security2:error] [pid 1838616:tid 1838616] [client 98.159.226.246:43537] [client 98.159.226.246] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ourhotmail.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ourhotmail.com"] [uri "/backups/mysql.sql"] [unique_id "Z2gbr8vKDFsuUhWPsfrPbgAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack