๐ฉ๐ช
Savvii
2026-06-10 08:37:57
(3 weeks ago)
20 attempts against mh-misbehave-ban on web-new
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-04-26 21:04:03
(2 months ago)
2026-04-26 08:00:48,883 fail2ban.actions [7718]: NOTICE [tor] Ban 2a06:1700:0:1c1::1902:38d4 ...
show more
2026-04-26 08:00:48,883 fail2ban.actions [7718]: NOTICE [tor] Ban 2a06:1700:0:1c1::1902:38d4
2026-04-26 12:01:38,797 fail2ban.actions [7718]: NOTICE [tor] Ban 2a06:1700:0:1c1::1902:38d4
2026-04-26 18:01:36,444 fail2ban.actions [7718]: NOTICE [tor] Ban 2a06:1700:0:1c1::1902:38d4
2026-04-26 21:01:33,969 fail2ban.actions [7718]: NOTICE [tor] Ban 2a06:1700:0:1c1::1902:38d4
2026-04-27 00:04:02,906 fail2ban.actions [7718]: NOTICE [tor] Ban 2a06:1700:0:1c1::1902:38d4
show less
Brute-Force
๐ฎ๐น
VHosting
2026-03-26 19:57:56
(3 months ago)
Detected attack and reported by a human
Brute-Force
Web App Attack
SSH
DDoS Attack
Exploited Host
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-03-09 04:14:03
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 00:13:54.801902 2026] [security2:error] [pid 27155:tid 27155] [client 2a06:1700:0:1c1::1902:38d4:43150] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||geckoturner.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "geckoturner.com"] [uri "/archive.sql"] [unique_id "aa5JAjL-9YFfOPmTQNqfJQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-02-03 22:59:26
(5 months ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-02-02.
show less
Hacking
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2026-01-06 15:41:07
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 06 10:41:00.553887 2026] [security2:error] [pid 17506:tid 17506] [client 2a06:1700:0:1c1::1902:38d4:43438] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rentadeandamioscdmx.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rentadeandamioscdmx.com"] [uri "/weekly.sql"] [unique_id "aV0tDJoQSEAVPG2jLD3WvwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-02 07:29:47
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 02 02:29:37.321259 2026] [security2:error] [pid 18228:tid 18245] [client 2a06:1700:0:1c1::1902:38d4:57452] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||frannykingsmith.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "frannykingsmith.com"] [uri "/frannyki.sql"] [unique_id "aVdz4dR1RRmykTVFBQsRXwAAAU8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-12 21:04:09
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 12 16:04:02.774622 2025] [security2:error] [pid 26585:tid 26585] [client 2a06:1700:0:1c1::1902:38d4:34426] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||transcapitalsolutions.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "transcapitalsolutions.com"] [uri "/transcapitalsoluti.sql"] [unique_id "aTyDQts2kCliK2mJ9urocAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-12 03:21:39
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 22:21:31.232520 2025] [security2:error] [pid 30866:tid 30866] [client 2a06:1700:0:1c1::1902:38d4:37804] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hodlmoser.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hodlmoser.com"] [uri "/hodl.sql"] [unique_id "aTuKO2MzrjsJASTtB4wGFAAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-09 07:34:33
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 02:34:27.789390 2025] [security2:error] [pid 28900:tid 28900] [client 2a06:1700:0:1c1::1902:38d4:59190] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||capriexpress.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "capriexpress.com"] [uri "/c.sql"] [unique_id "aTfRA1KJOWA4Jvuf8nyEGAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-08 16:15:38
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 11:15:30.789532 2025] [security2:error] [pid 24435:tid 24435] [client 2a06:1700:0:1c1::1902:38d4:47114] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bigislandhawaiicoffee.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bigislandhawaiicoffee.com"] [uri "/bigi.sql"] [unique_id "aTb5onu9hWCxIQu8UoiQGgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-07 09:45:00
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 04:44:52.812897 2025] [security2:error] [pid 9614:tid 9614] [client 2a06:1700:0:1c1::1902:38d4:35436] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||tonysargbooks.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tonysargbooks.com"] [uri "/backupdb.sql"] [unique_id "aTVMlAs6XQnvWoAFdkFMYwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-07 01:07:01
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 20:06:54.828044 2025] [security2:error] [pid 3837:tid 3837] [client 2a06:1700:0:1c1::1902:38d4:54732] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||churchbehindthewalls.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "churchbehindthewalls.com"] [uri "/alls_com.sql"] [unique_id "aTTTLjUjxff1OfZQOXtqCgAAACQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-06 18:10:16
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 13:10:06.798207 2025] [security2:error] [pid 3344:tid 3360] [client 2a06:1700:0:1c1::1902:38d4:47750] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||councilofforeignministers.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "councilofforeignministers.com"] [uri "/bck.sql"] [unique_id "aTRxfpW57HUKOLrFSQ0o5wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-05 05:47:17
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210730) triggered by 2a06:1700:0:1c1::1902:38d4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:47:06.226850 2025] [security2:error] [pid 17743:tid 17743] [client 2a06:1700:0:1c1::1902:38d4:44078] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lesbidrawn.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lesbidrawn.com"] [uri "/lesbi.sql"] [unique_id "aTJx2jAZzfyRGi95hdOdCAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack