๐ฉ๐ช
netclix.gr
2026-06-19 02:33:53
(1 week ago)
(bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs ...
show more
(bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 197.234.221.191 - - [19/Jun/2026:05:33:50 +0300] "GET /webmail HTTP/2.0" 403 86 "-" "python-requests/2.32.3"
show less
Port Scan
๐ฉ๐ช
netclix.gr
2026-06-16 09:28:24
(1 week ago)
(bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs ...
show more
(bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 197.234.221.191 - - [16/Jun/2026:12:28:22 +0300] "GET /webmail HTTP/2.0" 403 86 "-" "python-requests/2.32.3"
show less
Port Scan
๐ฎ๐ฑ
spd.co.il
2026-06-16 07:01:43
(1 week ago)
Web application attack detected
Hacking
Web App Attack
๐ฎ๐น
VHosting
2025-12-22 22:07:37
(6 months ago)
Detected attack and reported by a human
DDoS Attack
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2025-08-19 07:16:13
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 03:16:07.468106 2025] [security2:error] [pid 968575:tid 968579] [client 197.234.221.191:43895] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.howardhallis.com|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.howardhallis.com"] [uri "/"] [unique_id "aKQkt4NGFOZdVBh6ZeDktAAAAEI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-19 06:44:39
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 02:44:32.348190 2025] [security2:error] [pid 30035:tid 30035] [client 197.234.221.191:11152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.uppermotradingco.com|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.uppermotradingco.com"] [uri "/"] [unique_id "aKQdUFN8e3pOaiSnU95c2AAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-19 06:19:37
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 02:19:32.027450 2025] [security2:error] [pid 21292:tid 21292] [client 197.234.221.191:21274] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||aes-nihil.com|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aes-nihil.com"] [uri "/"] [unique_id "aKQXdILYiuNch4UW2AMe8AAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-19 04:21:10
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 00:21:04.980166 2025] [security2:error] [pid 18863:tid 18863] [client 197.234.221.191:33176] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.studioarts.net|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.studioarts.net"] [uri "/"] [unique_id "aKP7sDj7w9W0FFhWLciAwAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-19 04:03:36
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 00:03:28.413393 2025] [security2:error] [pid 24258:tid 24258] [client 197.234.221.191:10884] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.spacebooger.com|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.spacebooger.com"] [uri "/"] [unique_id "aKP3kCW_hk_hXl2keXUacAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-19 01:40:30
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 18 21:40:27.044467 2025] [security2:error] [pid 23970:tid 23970] [client 197.234.221.191:8158] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.esware.com|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.esware.com"] [uri "/"] [unique_id "aKPWC9figJS9D_iZLjjpegAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-19 01:04:15
(10 months ago)
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 18 21:04:07.365926 2025] [security2:error] [pid 4187:tid 4187] [client 197.234.221.191:3099] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.dmasoftlab.com|F|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.dmasoftlab.com"] [uri "/cont/home"] [unique_id "aKPNh4g2FBOSU0UoI7Y45gAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
exxos
2025-08-18 19:03:01
(10 months ago)
Attacks with Bad user agents
Hacking
๐จ๐ญ
zynex
2024-08-31 07:01:14
(1 year ago)
URL Probing: /xmlrpc.php
Web App Attack