๐ซ๐ฎ
gnom4ik
2026-02-22 05:31:47
(4 months ago)
ban-reviewer auto report; ip=154.222.132.54; scenario=http:exploit; verdict=valid_ban; confidence=0. ...
show more
ban-reviewer auto report; ip=154.222.132.54; scenario=http:exploit; verdict=valid_ban; confidence=0.90; categories=14,15,18,22; active_decisions=1; lookback_decisions=1; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=IP flagged for HTTP exploit activity; Decision is part of a sustained abuse pattern; No evidence of legitimate use in the time window
show less
Port Scan
Hacking
Brute-Force
SSH
๐ฉ๐ช
Hazzard
2026-02-19 15:16:45
(4 months ago)
(wordpress) Failed wordpress login from 154.222.132.54 (DE/Germany/State of Berlin/Berlin/-/[redacte ...
show more
(wordpress) Failed wordpress login from 154.222.132.54 (DE/Germany/State of Berlin/Berlin/-/[redacted]): (CF_ENABLE)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-02-11 23:18:46
(4 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 18:18:40.104400 2026] [security2:error] [pid 27196:tid 27196] [client 154.222.132.54:29876] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||primacomm.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "primacomm.com"] [uri "/wp-login.php"] [unique_id "aY0OUINHcGGIF-k5kGG9GQAAAAU"], referer: https://primacomm.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-23 11:25:55
(5 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 23 06:25:49.587009 2026] [security2:error] [pid 27229:tid 27229] [client 154.222.132.54:35438] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||kerrywood.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "kerrywood.com"] [uri "/wp-login.php"] [unique_id "aXNavbGYlr_EDptySALdGQAAAAA"], referer: https://kerrywood.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-21 01:09:37
(5 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 20:09:29.809095 2026] [security2:error] [pid 17474:tid 17474] [client 154.222.132.54:25184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.whodatnation.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.whodatnation.com"] [uri "/wp-login.php"] [unique_id "aXAnSfASI3qC4TU-gTLiowAAAAU"], referer: https://www.whodatnation.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
xmission.com
2026-01-11 16:04:56
(5 months ago)
154.222.132.54 - - [11/Jan/2026:09:04:56 -0700] "POST /wp-login.php HTTP/1.1" 200 6857 "https://dooc ...
show more
154.222.132.54 - - [11/Jan/2026:09:04:56 -0700] "POST /wp-login.php HTTP/1.1" 200 6857 "https://dooce.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-01-11 14:18:44
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 11 09:18:39.126258 2026] [security2:error] [pid 9913:tid 9913] [client 154.222.132.54:33854] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grandpont-house.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grandpont-house.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "aWOxP7ehupWzv4CeSRZ4bwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-01 20:00:51
(5 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 15:00:42.104424 2026] [security2:error] [pid 4104:tid 4104] [client 154.222.132.54:35266] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.staben.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.staben.com"] [uri "/wp-login.php"] [unique_id "aVbSalEfJxe0RLvi3KVmgAAAAAo"], referer: https://www.staben.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Packets-Decreaser.NET
2025-12-31 00:58:47
(6 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
๐บ๐ธ
TPI-Abuse
2025-12-28 17:12:34
(6 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 12:12:32.013487 2025] [security2:error] [pid 24237:tid 24237] [client 154.222.132.54:20220] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||salernospizza.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "salernospizza.com"] [uri "/wp-login.php"] [unique_id "aVFlAF2GYbYbu9iyaCXLjgAAABI"], referer: https://salernospizza.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
F242
2025-12-27 00:42:08
(6 months ago)
Wordpress Login or XMLRPC abuse
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-23 13:20:04
(6 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 23 08:19:53.767182 2025] [security2:error] [pid 13592:tid 13592] [client 154.222.132.54:57738] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||geckoturner.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "geckoturner.com"] [uri "/wp-login.php"] [unique_id "aUqW-XaJ_Ms7g_HD277OnQAAAAA"], referer: http://geckoturner.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
F242
2025-12-18 21:59:14
(6 months ago)
Wordpress Login or XMLRPC abuse
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-17 22:43:39
(6 months ago)
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 154.222.132.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 17 17:43:30.493709 2025] [security2:error] [pid 29777:tid 29796] [client 154.222.132.54:32296] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||kettlehill.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "kettlehill.com"] [uri "/wp-login.php"] [unique_id "aUMyErpPpBe_sxGumAdvcAAAANA"], referer: https://kettlehill.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
MAGIC
2025-12-08 04:00:26
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot