🇺🇸
TPI-Abuse
2026-02-26 14:46:33
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 154.213.161.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 26 09:46:26.912638 2026] [security2:error] [pid 13679:tid 13679] [client 154.213.161.238:9851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.156"] [uri "/.git/config"] [unique_id "aaBcwjmXXuwmqgp_qTWOTQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-11-02 14:32:38
(7 months ago)
This IP was involved in a brute force and password spray attack on 2025/11/02 07:09:19
Port Scan
Brute-Force
Exploited Host
Web App Attack
🇺🇸
fbarela
2025-09-25 03:01:35
(8 months ago)
FortiGate SSL VPN login failures.
Hacking
Brute-Force
🇺🇸
TPI-Abuse
2025-08-01 23:55:48
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 154.213.161.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 19:55:42.214595 2025] [security2:error] [pid 14743:tid 14743] [client 154.213.161.238:14383] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||5degrees-eg.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "5degrees-eg.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aI1T_mH0wxGPKFldMrCYFAAAAAE"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2025-06-25 07:52:22
(11 months ago)
WP probing for vulnerabilities
Hacking
Exploited Host
🇳🇱
EGP Abuse Dept
2025-05-24 22:46:12
(1 year ago)
Unauthorized connection to SSH port 22
Port Scan
Hacking
SSH
🇺🇸
TPI-Abuse
2025-05-18 00:01:47
(1 year ago)
(mod_security) mod_security (id:210831) triggered by 154.213.161.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 17 20:01:35.973546 2025] [security2:error] [pid 3787497:tid 3787497] [client 154.213.161.238:58379] [client 154.213.161.238] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||backstore.com|F|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/webalizer/"] [unique_id "aCkjXzqR5mb_aOIp_bADWQAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
LRob.fr
2025-05-16 19:30:08
(1 year ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
🇩🇪
FeG Deutschland
2025-05-16 06:35:54
(1 year ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 24
Exploited Host
Web App Attack
🇪🇸
masterguru
2025-05-15 01:49:39
(1 year ago)
SQL Injection Attack Detected via libinjection. detected SQLi using libinjection with fingerprint 'n&1' (942100-122)
SQL Injection
🇦🇺
MAGIC
2025-05-14 11:03:57
(1 year ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
🇩🇪
LRob.fr
2025-05-13 20:00:11
(1 year ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
🇲🇾
Rizzy
2025-05-13 19:20:48
(1 year ago)
Multiple WAF Violations
Brute-Force
Web App Attack
🇫🇷
dynamix
2025-05-13 18:22:47
(1 year ago)
Multiple WAF Violations
Web App Attack
🇫🇷
uhlhosting
2025-05-12 19:23:53
(1 year ago)
taxigut.ch 154.213.161.238 - - [12/May/2025:21:22:51.587913 +0200] "GET /wp-includes/classwithtostring.php HTTP/1.1" 403 199 "-" "-" aCJKi-8D4VzAY6TL7KJzlQAAAIs "-" /apache/20250512/20250512-2122/20250512-212251-aCJKi-8D4VzAY6TL7KJzlQAAAIs 0 1520 md5:b9d55ea09176dbc872602949283c1ab0
taxigut.ch 154.213.161.238 - - [12/May/2025:21:22:53.374631 +0200] "GET /wp-includes/rk2.php HTTP/1.1" 403 199 "-" "-" aCJKjQN3tAzvY_SW4lNQJwAAAE0 "-" /apache/20250512/20250512-2122/20250512-212253-aCJKjQN3tAzvY_SW4lNQJwAAAE0 0 1492 md5:58a11f89d5e89b3389bba5a5dc5d7883
taxigut.ch 154.213.161.238 - - [12/May/2025:21:23:11.967987 +0200] "GET /wp-includes/file.php HTTP/1.1" 403 199 "-" "-" aCJKn9OBh7gLb3Mc2fy-yQAAAAY "-" /apache/20250512/20250512-2123/20250512-212311-aCJKn9OBh7gLb3Mc2fy-yQAAAAY 0 1494 md5:a6bb3844387cb4f654162e88f55dc98f
taxigut.ch 154.213.161.238 - - [12/May/2025:21:23:18.267428 +0200] "GET /wp-includes/widgets/past.php HTTP/1.1" 403 199 "-" "-" aCJKpgN3tAzvY_SW4lNQNAAAAFI "-" /apache/2025
...
DDoS Attack
Brute-Force