🇹🇷
ferique
2026-07-03 01:58:32
(8 hours ago)
Real-time Intercept: DNN_AUTH attack. Reference: 2026-07-03 04:58:25.3492 Login failure: 198.11.177.243 DNN_AUTH
Web App Attack
Bad Web Bot
🇩🇪
big-cloud.nl
2026-07-03 00:50:49
(10 hours ago)
Try to access /xmlrpc.php?rsd
Web App Attack
🇨🇿
plzenskypruvodce.cz
2026-07-02 18:38:19
(16 hours ago)
[Thu Jul 02 20:38:18.526598 2026] [authz_core:error] [pid 2431370:tid 2431437] [client 198.11.177.243:37188] AH01630: client denied by server configuration: /var/www/baletniskola-ok.cz/www/wp-content/themes/baletniskola/index.php, referer: https://baletniskola-ok.cz/wp-content/themes/baletniskola
[Thu Jul 02 20:38:18.526746 2026] [authz_core:error] [pid 2431370:tid 2431437] [client 198.11.177.243:37188] AH01630: client denied by server configuration: /var/www/baletniskola-ok.cz/www/wp-content/themes/baletniskola/index.php, referer: https://baletniskola-ok.cz/wp-content/themes/baletniskola
...
Web App Attack
🇩🇪
sdos.es
2026-07-02 12:34:34
(22 hours ago)
"Multiple/Conflicting Connection Header Data Found - keep-alive, close"
Web App Attack
🇬🇧
OptimusGO
2026-07-02 07:27:16
(1 day ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-07-02 08:27:16 UTC
Log evidence:
07/02/2026-08:27:16.091715 [**] [1:2221035:1] SURICATA HTTP Request excessive header repetition [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 198.11.177.243:42852 -> 185.127.18.66:80
Port Scan
Brute-Force
🇫🇷
pm33
2026-07-01 22:53:21
(1 day ago)
Unsolicited connection attempts or aggressive port scan.
Port Scan
🇭🇰
www.winos.me
2026-07-01 10:15:53
(2 days ago)
Shield: Layer4 Port 9 Trap
Port Scan
Hacking
🇹🇼
tye
2026-07-01 07:10:49
(2 days ago)
Wazuh Alert Evidence: 198.11.177.243 (198.11.177.243) - - [01/Jul/2026:15:10:47 +0800] "GET / HTTP/1.0" 400 622 "-" "-"
Web App Attack
🇩🇪
centurion
2026-06-30 07:16:53
(3 days ago)
Blocked by UFW on ns02 [80/tcp] Source port: 52990 TTL: 43 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 06:00:37
(3 days ago)
(mod_security) mod_security (id:210350) triggered by 198.11.177.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:00:30.642390 2026] [security2:error] [pid 8114:tid 8114] [client 198.11.177.243:53712] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||alejandrogorsse.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "alejandrogorsse.com"] [uri "/"] [unique_id "akNbfnKpWwwSM2odU6fIKQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 00:58:59
(3 days ago)
(mod_security) mod_security (id:210350) triggered by 198.11.177.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 20:58:52.311308 2026] [security2:error] [pid 30138:tid 30138] [client 198.11.177.243:48510] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||naplesdogcenter.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "naplesdogcenter.com"] [uri "/"] [unique_id "akMUzERJop2SuV4rdpt6YAAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
NXTwoThou
2026-06-29 23:51:28
(3 days ago)
Http scans of direct ips
Web App Attack
🇺🇸
TPI-Abuse
2026-06-29 21:41:52
(3 days ago)
(mod_security) mod_security (id:210350) triggered by 198.11.177.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 17:41:45.944798 2026] [security2:error] [pid 9568:tid 9568] [client 198.11.177.243:42174] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||butterflygolem.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "butterflygolem.com"] [uri "/"] [unique_id "akLmmTUsncB1VRJm0KdQRgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
JustMeHere
2026-06-29 19:12:31
(3 days ago)
[Mon Jun 29 15:12:26.814178 2026] [security2:error] [pid 906:tid 1042] [client 198.11.177.243:42100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "73.88.79.72"] [uri "/"] [unique_id "akLDmkTAbF5PH7vpLYfi7QAAAE0"]
...
Web App Attack
🇺🇸
TPI-Abuse
2026-06-29 18:04:34
(3 days ago)
(mod_security) mod_security (id:210350) triggered by 198.11.177.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 14:04:28.135654 2026] [security2:error] [pid 11260:tid 11260] [client 198.11.177.243:58072] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||scc1.us|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "scc1.us"] [uri "/"] [unique_id "akKzrEKdWsbMM_O9uPRNoQAAAAg"], referer: http://www.stubblefielddevelopmentcompany.com
Brute-Force
Bad Web Bot
Web App Attack