🇳🇱
SysAdmin Dylan
2025-10-27 19:37:58
(8 months ago)
(directadmin) Failed DirectAdmin phpMyAdmin login from 2a00:1b88:4::4 (Unknown): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DIRECTADMIN; Logs: Oct 27 20:37:36 user denied: wordpress (mysql-denied) from 2a00:1b88:4::4
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2025-10-26 23:10:55
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 26 19:10:51.017857 2025] [security2:error] [pid 15011:tid 15011] [client 2a00:1b88:4::4:55744] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||weird.eco|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "weird.eco"] [uri "/backup.sql"] [unique_id "aP6qe7C7BeSHuur-SmAH9QAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇮
stinpriza
2025-10-25 21:41:04
(8 months ago)
Web App Attack
Web App Attack
🇺🇸
TPI-Abuse
2025-10-17 23:37:53
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 17 19:37:46.341161 2025] [security2:error] [pid 2170:tid 2170] [client 2a00:1b88:4::4:37888] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fatbastardcompetition.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fatbastardcompetition.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aPLTStsnVfod5VgNDZet8QAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-13 18:39:56
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 13 14:39:48.351195 2025] [security2:error] [pid 17612:tid 17612] [client 2a00:1b88:4::4:52866] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||therocketmice.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "therocketmice.com"] [uri "/the.sql"] [unique_id "aO1HdIOZs02ppadtfc8L0AAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-12 09:40:37
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 12 05:40:30.673994 2025] [security2:error] [pid 15426:tid 15426] [client 2a00:1b88:4::4:56124] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||convtek.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "convtek.com"] [uri "/vtek_com.sql"] [unique_id "aOt3jt42wJ8b53iBdaju1wAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-12 01:49:06
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 11 21:49:01.387951 2025] [security2:error] [pid 17901:tid 17901] [client 2a00:1b88:4::4:48550] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gabbyspetnanny.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gabbyspetnanny.com"] [uri "/nanny.sql"] [unique_id "aOsJDRg1V95PmmCvly8CzgAAADE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-08 15:54:27
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 08 11:54:20.353430 2025] [security2:error] [pid 29295:tid 29295] [client 2a00:1b88:4::4:50920] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||rodeeinsurance.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rodeeinsurance.com"] [uri "/nce.sql"] [unique_id "aOaJLKVHYdZ2SmtuzGU09wAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇵🇱
nfsec.pl
2025-10-07 07:36:06
(8 months ago)
2a00:1b88:4::4 - - [07/Oct/2025:09:36:01 +0200] "GET /backupwp.sql HTTP/2.0" 404 24662 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"
2a00:1b88:4::4 - - [07/Oct/2025:09:36:03 +0200] "GET /bck.sql HTTP/2.0" 404 24529 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"
2a00:1b88:4::4 - - [07/Oct/2025:09:36:04 +0200] "GET /ww.sql HTTP/2.0" 404 24570 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"
2a00:1b88:4::4 - - [07/Oct/2025:09:36:05 +0200] "GET /.sql HTTP/2.0" 404 24628 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"
2a00:1b88:4::4 - - [07/Oct/2025:09:36:06 +0200] "GET /latest.sql HTTP/2.0" 404 24573 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gec
...
Exploited Host
Web App Attack
🇳🇱
Mangelot Hosting
2025-10-06 09:48:01
(8 months ago)
(db_admin_scan) srv103 DB admin scan 2a00:1b88:4::4 (Unknown): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
Web App Attack
🇺🇸
TPI-Abuse
2025-10-04 18:27:48
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 04 14:27:41.928747 2025] [security2:error] [pid 3031:tid 3031] [client 2a00:1b88:4::4:36584] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.eran.construction|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.eran.construction"] [uri "/era.sql"] [unique_id "aOFnHSSkIK1BRLbZKsTk-QAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-04 13:02:16
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 04 09:02:11.268638 2025] [security2:error] [pid 30297:tid 30316] [client 2a00:1b88:4::4:42738] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||amazinglips.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "amazinglips.com"] [uri "/daily.sql"] [unique_id "aOEa0-3ziwbvQB6pvumNsAAAAM4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-04 04:31:35
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 04 00:31:26.063227 2025] [security2:error] [pid 29466:tid 29466] [client 2a00:1b88:4::4:43194] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||velvetculture.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "velvetculture.com"] [uri "/velvetcultur.sql"] [unique_id "aOCjHmZ9z6wwOl7o2ywzuwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-03 22:10:24
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 03 18:10:16.677948 2025] [security2:error] [pid 30988:tid 30988] [client 2a00:1b88:4::4:56882] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gangnagel.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gangnagel.com"] [uri "/gangnag.sql"] [unique_id "aOBJyJYh51YdbgGMuvqvvQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-03 19:09:45
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a00:1b88:4::4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 03 15:09:39.680285 2025] [security2:error] [pid 23670:tid 23670] [client 2a00:1b88:4::4:41778] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||desertalfas.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "desertalfas.org"] [uri "/dese.sql"] [unique_id "aOAfc6Ju3sE9ZxVXh-xd-wAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack