๐จ๐ฆ
internetworld
2026-06-30 06:38:23
(4 days ago)
internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from interne ...
show more
internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from internetworld.ca server security monitoring.
show less
Brute-Force
Web App Attack
๐จ๐ฆ
internetworld
2026-06-28 11:24:42
(5 days ago)
internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from interne ...
show more
internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from internetworld.ca server security monitoring.
show less
Brute-Force
Web App Attack
๐ต๐ฑ
sefinek.net
2026-06-28 11:24:31
(5 days ago)
Triggered Cloudflare WAF (firewallCustom) from JP.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoi ...
show more
Triggered Cloudflare WAF (firewallCustom) from JP.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoint: /vendor/phpunit/phpunit/phpunit.xsd | UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 19:16:53
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:16:49.257852 2026] [security2:error] [pid 15041:tid 15041] [client 149.22.87.2:63703] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pattymoorearmstrong.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pattymoorearmstrong.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akAhoXdKnyPNRPSpz-FEuQAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 02:55:57
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:55:51.398722 2026] [security2:error] [pid 8456:tid 8456] [client 149.22.87.2:36463] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.laboquimia.es|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.laboquimia.es"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj87t8hBkXl6C8TNFfi1cwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 02:32:30
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:32:26.872221 2026] [security2:error] [pid 23462:tid 23462] [client 149.22.87.2:48757] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.voodooshop.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.voodooshop.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj82Ok0k8Q3fLJQ7glfFiQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 02:06:52
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:06:47.745410 2026] [security2:error] [pid 28036:tid 28036] [client 149.22.87.2:25015] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.blacksheepoffroad.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.blacksheepoffroad.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj8wN_NMAOdmL7zSHQP9mQAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 01:45:03
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 21:44:58.681331 2026] [security2:error] [pid 25003:tid 25003] [client 149.22.87.2:38837] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.wallpaperpro.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.wallpaperpro.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj8rGkE5BeNgrv5ob4IVXgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 00:52:57
(1 week ago)
(mod_security) mod_security (id:949110) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:949110) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 20:52:54.930322 2026] [security2:error] [pid 19688:tid 19688] [client 149.22.87.2:38791] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.servicesafes.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj8e5ntK_vWppUkiMNuxnAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 00:28:35
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 20:28:29.767154 2026] [security2:error] [pid 6570:tid 6570] [client 149.22.87.2:20219] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.mitchellamazing.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mitchellamazing.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj8ZLbd5RlYH8qlGTMnUKQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 23:43:27
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:43:24.826021 2026] [security2:error] [pid 3714:tid 3729] [client 149.22.87.2:37519] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ceresfund.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ceresfund.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aj8OnNjFjb9ctGAFkUelXQAAAQ0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-26 21:04:23
(1 week ago)
[Firewall Canary] Temporary ban due to firewall rule match [URI:*/vendor/*]
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 22:17:47
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 18:17:40.958517 2026] [security2:error] [pid 31775:tid 31775] [client 149.22.87.2:55391] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.texassportsmansassociation.org|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.texassportsmansassociation.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajxXhPMthGnfVWHFJq_0PwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 05:12:04
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 149.22.87.2 (unn-149-22-87-2.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 01:12:01.271571 2026] [security2:error] [pid 24600:tid 24600] [client 149.22.87.2:51947] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.markrudin.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.markrudin.com"] [uri "/christopher/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajtnIRJ5jsYh-OQs8kWHbwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-24 03:40:28
(1 week ago)
[Firewall Canary] Temporary ban due to firewall rule match [URI:*/vendor/*]
Bad Web Bot
Web App Attack