๐ณ๐ฑ
EGP Abuse Dept
2026-02-25 14:22:07
(4 months ago)
Scanning for web/db/file exploits on www.s-b-k.nl
SQL Injection
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-18 03:27:27
(5 months ago)
(mod_security) mod_security (id:210350) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 22:27:23.289556 2026] [security2:error] [pid 1618022:tid 1618022] [client 156.239.222.70:56562] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.staben.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.staben.com"] [uri "/wp-login.php"] [unique_id "aZUxm-Lgo0QBiZsbfU2JTAAAABE"], referer: https://www.staben.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-14 01:23:33
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 20:23:26.007698 2026] [security2:error] [pid 12102:tid 12102] [client 156.239.222.70:32934] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||casadelsolmexico.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "casadelsolmexico.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "aY_OjiPthUTHhyaL4j3PqwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 15:22:41
(5 months ago)
(mod_security) mod_security (id:210350) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 10:22:33.375005 2026] [security2:error] [pid 2567:tid 2567] [client 156.239.222.70:57452] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||arthuryeung.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "arthuryeung.net"] [uri "/wp-login.php"] [unique_id "aYiqOekT_OV_6quFZ0EI8QAAAAg"], referer: http://arthuryeung.net/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Packets-Decreaser.NET
2025-12-31 00:58:47
(6 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
๐บ๐ธ
TPI-Abuse
2025-12-18 23:33:36
(6 months ago)
(mod_security) mod_security (id:210350) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 18 18:33:29.625657 2025] [security2:error] [pid 8457:tid 8457] [client 156.239.222.70:58850] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||lawrencehale.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "lawrencehale.com"] [uri "/wp-login.php"] [unique_id "aUSPSVqCGCYvW0s041DjGwAAABU"], referer: https://lawrencehale.com/wp-login.php
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-15 10:57:50
(7 months ago)
botnet
DDoS Attack
๐บ๐ธ
TPI-Abuse
2025-11-20 20:30:10
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 156.239.222.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 20 15:30:05.841929 2025] [security2:error] [pid 31638:tid 31640] [client 156.239.222.70:15721] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||beckhofmann.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "beckhofmann.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aR96TbaL_92XJ_6Qm8XhawAAAAA"], referer: https://beckhofmann.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ps-center
2025-11-01 07:57:32
(8 months ago)
C2: Web Attack POST /wp-login.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
Anonymous
2025-07-31 13:24:52
(11 months ago)
Attempted brute force login to web vpn 2 time(s); last attempt for 2025.07.31 is noted in report tim ...
show more
Attempted brute force login to web vpn 2 time(s); last attempt for 2025.07.31 is noted in report timestamp
show less
Hacking
Brute-Force
๐ฎ๐ณ
wizard1411
2025-06-14 16:57:38
(1 year ago)
DDoS and brute force activity detected
Brute-Force
SSH
๐บ๐ธ
COMPLEX
2025-05-07 16:40:32
(1 year ago)
Triggered Cloudflare WAF (l7ddos) from US.
Action taken: BLOCK
ASN: 200373 (DREI-K-TECH-GMBH)
Protoc ...
show more
Triggered Cloudflare WAF (l7ddos) from US.
Action taken: BLOCK
ASN: 200373 (DREI-K-TECH-GMBH)
Protocol: HTTP/2 (GET method)
Timestamp: 2025-05-07T16:35:15Z
show less
Bad Web Bot
๐ฉ๐ช
Packets-Decreaser.NET
2025-05-04 22:15:50
(1 year ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam