๐ฏ๐ต
SentinalX by uzumaru
2026-07-06 04:21:03
(5 days ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: one.one.one.one:443
show less
Open Proxy
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-03 22:07:18
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 18:07:12.470730 2026] [security2:error] [pid 22338:tid 22338] [client 155.2.216.19:42275] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||photojeniq.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "photojeniq.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgykI0C3-jL2qP5dXbVxwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 21:47:17
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:47:09.567300 2026] [security2:error] [pid 5776:tid 5776] [client 155.2.216.19:45851] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||canonarizona.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "canonarizona.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgt3aN_t4CZzIAwfEn2ewAAACQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 21:13:19
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:13:11.764797 2026] [security2:error] [pid 12110:tid 12110] [client 155.2.216.19:57673] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||burnshieldmena.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "burnshieldmena.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgl5-611N7lZA9toP_ZUQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:57:35
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:57:27.871886 2026] [security2:error] [pid 15940:tid 15940] [client 155.2.216.19:61689] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sailyourkayak.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sailyourkayak.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgiN9IN3hjweh4otmupMAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:39:40
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:39:37.309993 2026] [security2:error] [pid 10264:tid 10264] [client 155.2.216.19:27073] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||michaelsabbey.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "michaelsabbey.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgeCT8v4ffcWDwPbuAJlQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:24:10
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:24:04.838950 2026] [security2:error] [pid 3734:tid 3734] [client 155.2.216.19:34615] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rhysryan.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rhysryan.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgaZO2HzdBaISI-i3PDDwAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:03:16
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:03:10.927113 2026] [security2:error] [pid 23549:tid 23932] [client 155.2.216.19:45697] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||swizzlestick.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "swizzlestick.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgVfoGZwPs6qzTmUClpQAAAAEo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 19:42:55
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 15:42:47.637632 2026] [security2:error] [pid 2424:tid 2424] [client 155.2.216.19:46245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||valkyriepanthers.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "valkyriepanthers.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgQt2jqrM8kCeeR4EJAuAAAAGg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 19:23:46
(1 week ago)
(mod_security) mod_security (id:949110) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:949110) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 15:23:43.353639 2026] [security2:error] [pid 23201:tid 23201] [client 155.2.216.19:21575] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tribalgamingtech.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgMP6W-wgmO0qXUfR5W9gAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 19:00:14
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 15:00:08.342990 2026] [security2:error] [pid 25777:tid 25777] [client 155.2.216.19:60315] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||elpasoheroes.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "elpasoheroes.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgGuNuJL_cx445TNZX0cQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 18:34:56
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 14:34:49.243131 2026] [security2:error] [pid 7901:tid 7957] [client 155.2.216.19:64585] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wijaya.biz|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wijaya.biz"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akgAyR_kPW8e2YOeA1GjzgAAAFY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 18:07:05
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 14:06:57.379312 2026] [security2:error] [pid 11526:tid 11526] [client 155.2.216.19:36671] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rgvatvrepair.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rgvatvrepair.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akf6QTJOCR1pfNjZqpy9kAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
slay3r9903
2026-07-03 09:24:44
(1 week ago)
IP address blocked by Cloudflare security rules due to suspicious activity and security violations.
Hacking
Bad Web Bot
๐ฉ๐ช
ketovoila.pl
2026-07-02 05:40:32
(1 week ago)
ketovoila.pl web app/PHP backdoor scan: hits=1; unique_paths=1; sample_paths=/vendor/phpunit/phpunit ...
show more
ketovoila.pl web app/PHP backdoor scan: hits=1; unique_paths=1; sample_paths=/vendor/phpunit/phpunit/phpunit.xsd; UA="Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"; window=2026-07-02T05:40:32Z..2026-07-02T05:40:32Z
show less
Bad Web Bot
Web App Attack