ππΊ
bcsaba
2026-04-11 15:42:30
(2 months ago)
Repeated request on blocked xmlrpc.php.
169.150.218.68 - - [11/Apr/2026:17:42:12 +0200] "POST /xmlrp ...
show more
Repeated request on blocked xmlrpc.php.
169.150.218.68 - - [11/Apr/2026:17:42:12 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/80.0.0.0 Safari/537.36"
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-04 23:55:32
(3 months ago)
(mod_security) mod_security (id:218580) triggered by 169.150.218.68 (unn-169-150-218-68.datapacket.c ...
show more
(mod_security) mod_security (id:218580) triggered by 169.150.218.68 (unn-169-150-218-68.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 19:55:26.394590 2026] [security2:error] [pid 10928:tid 10928] [client 169.150.218.68:11424] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\/\\\\*[!+](?:[\\\\w\\\\s=_\\\\-()]+)?\\\\*\\\\/)" at ARGS:autoplay. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/22_SQL_SQLi.conf"] [line "76"] [id "218580"] [rev "1"] [msg "COMODO WAF: MySQL in-line comment detected.||WWW.ARSNDETX.COM|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.arsndetx.com"] [uri "/player"] [unique_id "adGk7uvw3eK0wHbclW5BNwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-03-20 20:24:13
(3 months ago)
Backdrop CMS module - forbidden user agent
Bad Web Bot
Web App Attack
πΉπ·
rtbh.com.tr
2026-03-17 20:12:07
(3 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
π¬π§
consul.to
2026-03-17 10:32:38
(3 months ago)
Web attack/malicious scanning detected
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-17 01:08:32
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 169.150.218.68 (unn-169-150-218-68.datapacket.c ...
show more
(mod_security) mod_security (id:225170) triggered by 169.150.218.68 (unn-169-150-218-68.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 21:08:25.519558 2026] [security2:error] [pid 2355:tid 2355] [client 169.150.218.68:62794] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||saadeh.ws|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "saadeh.ws"] [uri "/wp-json/wp/v2/users"] [unique_id "abipiawRVuf0jh5T-5HbxAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-17 00:34:06
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 169.150.218.68 (unn-169-150-218-68.datapacket.c ...
show more
(mod_security) mod_security (id:225170) triggered by 169.150.218.68 (unn-169-150-218-68.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 20:33:58.863109 2026] [security2:error] [pid 15301:tid 15301] [client 169.150.218.68:39078] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pleaseaddbacon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pleaseaddbacon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "abihdgnx5aYhGEQz3GQLMwAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
LRob
2026-03-16 20:15:04
(3 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
π«π·
masterguru
2026-02-14 16:59:41
(4 months ago)
(xmlrpc) Apache: Failed xmlrpc access from 169.150.218.68 (NL/The Netherlands/unn-169-150-218-68.dat ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 169.150.218.68 (NL/The Netherlands/unn-169-150-218-68.datapacket.com): 10 in the last 3600 secs (0-180)
show less
Hacking
π©πͺ
LRob
2025-10-04 16:18:21
(9 months ago)
Apache web server attack detected by Fail2Ban in plesk-apache jail
Web App Attack
πΊπΈ
xmission.com
2025-09-19 12:58:44
(9 months ago)
Blocked by UFW (TCP on 9101)
Source port: 36772
TTL: 49
Packet length: 60
TOS: 0x08
This report (fo ...
show more
Blocked by UFW (TCP on 9101)
Source port: 36772
TTL: 49
Packet length: 60
TOS: 0x08
This report (for 169.150.218.68) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
πΊπΈ
masterguru
2025-09-09 14:38:18
(9 months ago)
PHP Injection Attack: Variable Function Call Found. Pattern match "(?:(?:\\\\(|\\\\ (933210-169)
Hacking
πΉπ·
rtbh.com.tr
2025-09-05 20:08:37
(10 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
πΉπ·
rtbh.com.tr
2025-09-04 20:08:37
(10 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
π³π±
exxos
2025-08-27 22:04:58
(10 months ago)
http-no-verb
Hacking