πΊπΈ
TPI-Abuse
2026-06-16 13:01:53
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 09:01:50.003046 2026] [security2:error] [pid 5737:tid 5737] [client 149.88.103.94:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail-pmg.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail-pmg.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajFJPYEhePWXiojCMzPTTAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-16 08:55:22
(1 day ago)
(mod_security) mod_security (id:210580) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210580) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:55:16.072613 2026] [security2:error] [pid 5591:tid 5719] [client 149.88.103.94:24905] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:log_filename. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||newports.net|F|2"] [data "Matched Data: etc/passwd found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "newports.net"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ajEPdPAXJqr8qQOVzOXP8wAAAU4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
xmission.com
2026-05-31 09:39:59
(2 weeks ago)
Blocked by UFW (TCP on 1)
Source port: 40511
TTL: 119
Packet length: 52
TOS: 0x00
This report (for ...
show more
Blocked by UFW (TCP on 1)
Source port: 40511
TTL: 119
Packet length: 52
TOS: 0x00
This report (for 149.88.103.94) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
π―π΅
demonsword
2026-05-30 09:54:44
(2 weeks ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.cloudflare.com:443
show less
Open Proxy
Port Scan
πΊπΈ
xmission.com
2026-05-21 01:49:00
(3 weeks ago)
Blocked by UFW (TCP on 1)
Source port: 5969
TTL: 118
Packet length: 52
TOS: 0x08
This report (for 1 ...
show more
Blocked by UFW (TCP on 1)
Source port: 5969
TTL: 118
Packet length: 52
TOS: 0x08
This report (for 149.88.103.94) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
π·πΊ
DZBOT
2026-05-13 07:45:17
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
πΊπΈ
Neosmith20
2026-05-12 16:19:15
(1 month ago)
Knock-Knock honeypot brute-force: SMTP (5 total hits)
Brute-Force
π¬π§
knock
2026-05-12 16:19:13
(1 month ago)
Knock-Knock honeypot brute-force: SMTP (1 total hits)
Brute-Force
π―π΅
HeliJP
2026-05-12 08:21:08
(1 month ago)
Unauthorized connection attempt from IP address 149.88.103.94 on port 587
Port Scan
Brute-Force
πΉπΌ
tye
2026-05-12 08:17:52
(1 month ago)
Wazuh Alert Evidence: May 12 08:17:50 pico-gw1 postfix/smtpd[3386500]: warning: hostname unn-149-88- ...
show more
Wazuh Alert Evidence: May 12 08:17:50 pico-gw1 postfix/smtpd[3386500]: warning: hostname unn-149-88-103-94.datapacket.com does not resolve to address 149.88.103.94: Name or service not known
show less
Hacking
πΊπΈ
TPI-Abuse
2026-05-07 07:38:28
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 03:38:25.778159 2026] [security2:error] [pid 14168:tid 14168] [client 149.88.103.94:49583] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.onlinesuretybonds.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.onlinesuretybonds.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afxBcVwm5izJOui_ubKBUwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-07 06:12:06
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 02:11:59.325684 2026] [security2:error] [pid 26346:tid 26346] [client 149.88.103.94:35647] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.nue18.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nue18.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afwtLyIgAmSnWa7X2TR2zgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-07 05:04:35
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 01:04:28.218065 2026] [security2:error] [pid 22141:tid 22157] [client 149.88.103.94:27573] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ceresfund.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ceresfund.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afwdXANNHVoxIditGw-pxAAAAQ4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-07 04:42:37
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 00:42:33.974520 2026] [security2:error] [pid 9283:tid 9283] [client 149.88.103.94:45305] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||articulaterecords.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "articulaterecords.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afwYOagXYfJ5795W9NwS2QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-07 03:37:39
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com ...
show more
(mod_security) mod_security (id:210730) triggered by 149.88.103.94 (unn-149-88-103-94.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 23:37:32.477006 2026] [security2:error] [pid 3329:tid 3329] [client 149.88.103.94:59663] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kompassconsulting.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kompassconsulting.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afwI_DwA_g4VYzkK8aeJtgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack