๐ฉ๐ช
HandyTreff.de
2026-02-25 07:52:16
(4 months ago)
Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -40.646 (Bad < -10 / Very Bad < -20 ...
show more
Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -40.646 (Bad < -10 / Very Bad < -20 / Extreme < -35) | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Sa
show less
Web App Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-01-17 13:16:26
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 08:16:18.649765 2026] [security2:error] [pid 7359:tid 7359] [client 154.29.25.137:52477] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.original"] [unique_id "aWuLon81WeApAGQXHdLZswAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 19:40:57
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:40:52.110402 2025] [security2:error] [pid 22840:tid 22961] [client 154.29.25.137:56095] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.net|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/ui/gradio_api/file=https:/example.com"] [unique_id "aVLZRPUSdzJ-gbjPWKhgUwAAAJg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-01 06:21:51
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:21:42.990163 2025] [security2:error] [pid 5083:tid 5091] [client 154.29.25.137:32981] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/localhost.key"] [unique_id "aS0z9rlODMhtlQGnj5dBogAAAEU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-13 08:49:58
(7 months ago)
(mod_security) mod_security (id:220150) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:220150) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:49:53.760688 2025] [security2:error] [pid 24466:tid 24466] [client 154.29.25.137:56383] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:union(?:\\\\/\\\\*.{0,399}\\\\*\\\\/)?select)" at ARGS:id. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5662"] [id "220150"] [rev "5"] [msg "COMODO WAF: SQL injection vulnerability in Ginkgo CMS 5.0 (CVE-2013-5318)||ftp.nbcnewsradio.com|F|2"] [data "-1unionselect1,md5(999999999),3,4,5--"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ftp.nbcnewsradio.com"] [uri "/admin/manage_user.php"] [unique_id "aRWbsdeOyX_JlbyjbqFuuwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2025-08-18 09:39:44
(10 months ago)
WP probing for vulnerabilities
Hacking
Exploited Host
๐ธ๐ฌ
raramos
2025-08-07 19:00:07
(10 months ago)
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed ...
show more
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed'
in sorbs:'listed [web], [spam]'
in Unsubscore:'listed'
*(RWIN=8192)(04:10)
show less
Web Spam
Email Spam
Port Scan
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-27 00:10:23
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:09:36.225517 2025] [security2:error] [pid 24708:tid 24751] [client 154.29.25.137:47349] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.net|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/db.php.bak"] [unique_id "aIVuQNCGcANRee83lKGgAgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-29 21:04:57
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 154.29.25.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 17:04:52.727593 2025] [security2:error] [pid 3499288:tid 3499288] [client 154.29.25.137:35593] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/.env.prod"] [unique_id "aDjL9OCPBiMa00WEFfswkQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
dayda.net
2025-05-22 09:33:00
(1 year ago)
query: option=com_omphotogallery&controller=../../../../../../../../../etc/passwd
Bad Web Bot
Anonymous
2025-02-01 10:10:02
(1 year ago)
| Shellshock attack attempt
Hacking
SQL Injection
Web App Attack