Anonymous
2026-05-27 09:28:19
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
πΊπΈ
kosada.com
2026-05-05 16:52:39
(2 months ago)
Web vulnerability probing: /wordpress/wp-admin/includes/
Web App Attack
π¨π
backslash
2026-04-16 16:18:03
(2 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
π©πͺ
filstal.org
2026-03-29 18:26:34
(3 months ago)
Brute-force/Enumeration: Multiple login attempts for non-existent mail accounts (Honeytrap).
Email Spam
Brute-Force
π©πͺ
london2038.com
2026-03-22 00:56:25
(3 months ago)
Connection atttempts against closed TCP ports
Mar 22 01:53:24 BLOCK SRC=185.198.243.196 LEN=52 TOS=0 ...
show more
Connection atttempts against closed TCP ports
Mar 22 01:53:24 BLOCK SRC=185.198.243.196 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=6866 DF PROTO=TCP SPT=55457 DPT=8000 WINDOW=65500 RES=0x00 SYN
Mar 22 01:53:25 BLOCK SRC=185.198.243.196 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=6867 DF PROTO=TCP SPT=55457 DPT=8000 WINDOW=65500 RES=0x00 SYN
Mar 22 01:53:58 BLOCK SRC=185.198.243.196 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=39383 DF PROTO=TCP SPT=11743 DPT=37777 WINDOW=65500 RES=0x00 SYN
show less
Port Scan
πΊπΈ
mnsf
2026-03-04 05:06:12
(4 months ago)
Too many Status 40X (12)
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-20 00:52:09
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 185.198.243.196 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 185.198.243.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 19:52:01.058507 2026] [security2:error] [pid 28335:tid 28335] [client 185.198.243.196:20819] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mpaexchangeinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mpaexchangeinc.com"] [uri "/dump.sql"] [unique_id "aZewMdykKdrzuhNqbrV89QAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-19 02:04:35
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 185.198.243.196 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 185.198.243.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 21:04:30.172121 2026] [security2:error] [pid 23079:tid 23079] [client 185.198.243.196:34771] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lundtrading.com"] [uri "/backup/sftp-config.json"] [unique_id "aZZvriZbKxmDdiBeGNCamQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π²πΎ
Rizzy
2026-01-09 11:39:23
(6 months ago)
Multiple WAF Violations
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2025-11-16 01:49:13
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 185.198.243.196 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 185.198.243.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 15 20:49:07.138517 2025] [security2:error] [pid 1532:tid 1532] [client 185.198.243.196:25893] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "matteozacchino.dev"] [uri "/backups/sftp-config.json"] [unique_id "aRktk8RGqInuJFiusf21JAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
Penny Packer
2025-11-15 04:54:08
(8 months ago)
Fail2Ban apache-tripwires
Web App Attack
π΅π±
Gastro
2025-10-24 05:46:47
(8 months ago)
Mass fake bookings
Fraud Orders
π«π·
dynamix
2025-09-17 06:42:36
(9 months ago)
Multiple WAF Violations
Web App Attack
Anonymous
2025-09-17 03:58:55
(9 months ago)
wordpress-trap
Web App Attack
π¦πΊ
advena
2025-09-13 18:46:01
(10 months ago)
185.198.243.196 (AS62240 CLOUVIDER Clouvider - Global ASN) was intercepted at 2025-09-13T18:39:07Z a ...
show more
185.198.243.196 (AS62240 CLOUVIDER Clouvider - Global ASN) was intercepted at 2025-09-13T18:39:07Z after violating WAF directive: 874a3e315c344b1281ad4f00046aab6f. Pre-cautionary/corrective action applied: managed_challenge.
show less
Web Spam
Hacking
Brute-Force
Web App Attack