TPI-Abuse
2024-12-11 15:18:26
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 10:18:18.160190 2024] [security2:error] [pid 31469:tid 31469] [client 98.159.234.105:59880] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||vonkugelgen.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vonkugelgen.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1mtOl5TEdtgyqJ51CFNzAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-11 05:28:12
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 00:28:08.448328 2024] [security2:error] [pid 9395:tid 9395] [client 98.159.234.105:57850] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kurikka.eu|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kurikka.eu"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1ki6Fb9bMKhQIcGOQmn7wAAACg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-10 14:34:46
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 10 09:34:40.646216 2024] [security2:error] [pid 1973:tid 1973] [client 98.159.234.105:56910] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kccares.help|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kccares.help"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1hRgDNYygIN-wAvCYIg8QAAAEA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-10 06:12:46
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 10 01:12:41.978059 2024] [security2:error] [pid 18642:tid 18664] [client 98.159.234.105:59487] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||iamfluff.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "iamfluff.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1fb2fjCm4CPCzw4RuO-1wAAAU0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-10 02:57:43
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 09 21:57:37.792325 2024] [security2:error] [pid 1236804:tid 1236804] [client 98.159.234.105:51281] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||odinsglobalsolution.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "odinsglobalsolution.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1euIV528kv_GL1sUPtQ-AAAAC0"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-09 23:19:56
(1 month ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
TPI-Abuse
2024-12-09 22:22:07
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 09 17:22:02.902192 2024] [security2:error] [pid 23490:tid 23499] [client 98.159.234.105:50380] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pyxelstudios.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pyxelstudios.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1dtiuXD8DWlBp2-40E32AAAAQc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-09 17:00:44
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 09 12:00:39.437002 2024] [security2:error] [pid 13672:tid 13672] [client 98.159.234.105:63913] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||missingdigit.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "missingdigit.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1ciN6Z0dCVRqZGVvSl3qAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-09 07:46:17
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 09 02:46:13.892217 2024] [security2:error] [pid 11595:tid 11595] [client 98.159.234.105:55815] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sierratechworks.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sierratechworks.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1agRRce9KI3FD5I11UjsQAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-09 07:45:33
(1 month ago)
Bot / scanning and/or hacking attempts: GET /cong.php HTTP/1.1, GET /x.php HTTP/1.1, GET /admin.php HTTP/1.1, GET /templates/atomic/templates.php HTTP/1.1, GET /eew.php HTTP/1.1, GET /chosen.php?p= HTTP/1.1, GET /wp-admin/network/admin.php HTTP/1.1, GET /new.php HTTP/1.1, GET /lock.php HTTP/1.1, GET /test.php HTTP/1.1, GET /mah.php HTTP/1.1, GET /index/function.php HTTP/1.1, GET /randkeyword.PhP7 HTTP/1.1, GET /wp-admin/images/about.php HTTP/1.1, GET /login.php HTTP/1.1, GET /baxa1.phP8 HTTP/1.1, GET /ws.php HTTP/1.1, GET /file.php HTTP/1.1, GET /pages.php HTTP/1.1, GET /wp-admin/css/index.php HTTP/1.1, GET /wp-admin/css/colors/blue/about.php HTTP/1.1, GET /dropdown.php HTTP/1.1, GET /simple.php HTTP/1.1, GET /wp-admin/images/index.php HTTP/1.1, GET /click.php HTTP/1.1, GET /radio.php HTTP/1.1, GET /ge.php HTTP/1.1, GET /wp-mail.php HTTP/1.1, GET /templatesdex.php HTTP/1.1, GET /autoload_classmap.php HTTP/1.1, GET /.qiodetme.php HTTP/1.1, GET /wp-editor.php HTTP/1.1
Hacking
Web App Attack
Anonymous
2024-12-09 07:21:29
(1 month ago)
Inappropriate script execution attempts
Hacking
Brute-Force
Apache
2024-12-08 20:30:09
(1 month ago)
(mod_security) mod_security (id:20000010) triggered by 98.159.234.105 (GB/United Kingdom/errem.dreamsinheels.com): 5 in the last 300 secs
Brute-Force
Web App Attack
Anonymous
2024-12-08 07:08:49
(1 month ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
TPI-Abuse
2024-12-08 06:49:22
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 01:49:17.279531 2024] [security2:error] [pid 6998:tid 6998] [client 98.159.234.105:54764] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||agrizel.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "agrizel.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1VBbW2s0FmwZUaR5jZ42wAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-08 04:03:31
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 98.159.234.105 (errem.dreamsinheels.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 23:03:23.756333 2024] [security2:error] [pid 5605:tid 5835] [client 98.159.234.105:56837] [client 98.159.234.105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||tributetoalice.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tributetoalice.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1Uai6Q54b3f1WLKrGVpQAAAAUs"]
Brute-Force
Bad Web Bot
Web App Attack