๐บ๐ธ
TPI-Abuse
2025-11-10 23:37:08
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 10 18:37:01.030643 2025] [security2:error] [pid 32166:tid 32166] [client 2a0b:f4c2::2:64374] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||investorscalifornia.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "investorscalifornia.com"] [uri "/lifornia.sql"] [unique_id "aRJ3HR-mDNBDuChInzzGxAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-09 06:26:52
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 09 01:26:44.909415 2025] [security2:error] [pid 17056:tid 17056] [client 2a0b:f4c2::2:38388] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.prayers4america.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.prayers4america.com"] [uri "/daily.sql"] [unique_id "aRA0JP8KMnAbaLjPtrwe8gAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2025-11-03 15:06:54
(8 months ago)
(modsecurity) srv103 ModSecurity 2a0b:f4c2::2 (Unknown): 5 in the last 3600 secs; Ports: *; Directio ...
show more
(modsecurity) srv103 ModSecurity 2a0b:f4c2::2 (Unknown): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ต๐ฑ
ketovoila.pl
2025-11-03 10:47:38
(8 months ago)
ketovoila.pl HONEYPOT traffic: count=4, paths=4; sample_path=ketovoila.pl/ila.sql; UA=Mozilla/5.0 (W ...
show more
ketovoila.pl HONEYPOT traffic: count=4, paths=4; sample_path=ketovoila.pl/ila.sql; UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36; window=2025-11-03T10:14:31Z..2025-11-03T10:14:30Z
show less
Port Scan
Hacking
Brute-Force
๐ณ๐ฑ
Mangelot Hosting
2025-10-31 01:16:10
(8 months ago)
(db_admin_scan) srv103 DB admin scan 2a0b:f4c2::2 (Unknown): 1 in the last 3600 secs; Ports: *; Dire ...
show more
(db_admin_scan) srv103 DB admin scan 2a0b:f4c2::2 (Unknown): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ณ๐ฑ
SysAdmin Dylan
2025-10-27 21:04:24
(8 months ago)
(directadmin) Failed DirectAdmin phpMyAdmin login from 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org ...
show more
(directadmin) Failed DirectAdmin phpMyAdmin login from 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DIRECTADMIN; Logs: Oct 27 22:03:38 user denied: wordpress (mysql-denied) from 2a0b:f4c2::2
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-26 02:28:43
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 25 22:28:38.758437 2025] [security2:error] [pid 22781:tid 22781] [client 2a0b:f4c2::2:51176] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lockdownclaim.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lockdownclaim.com"] [uri "/lockdown.sql"] [unique_id "aP2HVvpMGB-AIUNICQAtHwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
dbmwebdesign
2025-10-25 09:00:11
(8 months ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-20 07:51:33
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 20 03:51:28.308198 2025] [security2:error] [pid 7327:tid 7327] [client 2a0b:f4c2::2:58652] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||masalamadrid.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "masalamadrid.com"] [uri "/drid.sql"] [unique_id "aPXqALq-QJOn_PnVec6FggAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-17 21:29:45
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:225170) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 17 17:29:39.157595 2025] [security2:error] [pid 32574:tid 32574] [client 2a0b:f4c2::2:25380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fatbastardcompetition.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fatbastardcompetition.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aPK1Q4FA7frDts-dgofd3QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
xmission.com
2025-10-16 00:09:05
(8 months ago)
Blocked by UFW (TCP on 8333)
Source port: 26476
Packet length: 80
This report (for 2a0b:f4c2:0000:0 ...
show more
Blocked by UFW (TCP on 8333)
Source port: 26476
Packet length: 80
This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0002) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐ณ๐ฑ
Mangelot Hosting
2025-10-14 21:48:55
(8 months ago)
(modsecurity) srv102 ModSecurity 2a0b:f4c2::2 (Unknown): 5 in the last 3600 secs; Ports: *; Directio ...
show more
(modsecurity) srv102 ModSecurity 2a0b:f4c2::2 (Unknown): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ฆ๐บ
afleventoffice.com.au
2025-10-08 19:21:07
(8 months ago)
GET /administrator/ HTTP/1.1
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-07 15:45:14
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 07 11:45:07.597098 2025] [security2:error] [pid 9157:tid 9157] [client 2a0b:f4c2::2:59304] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.surviquo.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.surviquo.com"] [uri "/daily.sql"] [unique_id "aOU1g_z6z7pLEgOHJpVNggAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-06 14:04:14
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 06 10:04:07.754338 2025] [security2:error] [pid 7436:tid 7451] [client 2a0b:f4c2::2:60446] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||plumeraproductions.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "plumeraproductions.com"] [uri "/wordpress.sql"] [unique_id "aOPMV4NGaKloLdRa31LvWgAAAQ0"]
show less
Brute-Force
Bad Web Bot
Web App Attack