π³π±
BlueWire Hosting
2025-09-11 14:10:19
(9 months ago)
Probing for application vulnerabilities
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2025-09-11 05:42:28
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 01:42:24.246009 2025] [security2:error] [pid 8692:tid 8697] [client 2a0b:f4c2::2:24918] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||heworeblack.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "heworeblack.com"] [uri "/heworeblack.sql"] [unique_id "aMJhQF6wAvIrv_-C4JnLKAAAAUM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
CommanderRoot
2025-09-07 11:56:27
(10 months ago)
Bot crawler
DDoS Attack
Web Spam
πΊπΈ
TPI-Abuse
2025-09-05 08:31:59
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 04:31:54.222013 2025] [security2:error] [pid 22299:tid 22299] [client 2a0b:f4c2::2:49020] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||applemaccomputerconsulting.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "applemaccomputerconsulting.com"] [uri "/bck.sql"] [unique_id "aLqf-ho-JeohiQOq20_YyQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π΅π±
sefinek.net
2025-09-04 11:28:23
(10 months ago)
Triggered Cloudflare WAF (firewallCustom) from T1.
Action taken: BLOCK
Protocol: HTTP/2 (GET method) ...
show more
Triggered Cloudflare WAF (firewallCustom) from T1.
Action taken: BLOCK
Protocol: HTTP/2 (GET method)
Endpoint: /tools/ip-checker
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
π©πͺ
LRob
2025-09-04 07:00:50
(10 months ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
πΊπΈ
TPI-Abuse
2025-09-03 18:01:43
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 03 14:01:34.882245 2025] [security2:error] [pid 18928:tid 18928] [client 2a0b:f4c2::2:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||southernbroadcast.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "southernbroadcast.com"] [uri "/backup.sql"] [unique_id "aLiCfsFSR4k7Ty2_Nfb_kgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
weblite
2025-08-31 03:22:51
(10 months ago)
LONG_RUNNING WP_MALWARE_PROBE
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2025-08-31 02:37:36
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 30 22:37:31.575087 2025] [security2:error] [pid 22049:tid 22049] [client 2a0b:f4c2::2:23026] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gangnagel.com"] [uri "/wp-config.php.zip"] [unique_id "aLO1awO_ESfnC5XhLFjKhAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-08-30 03:20:31
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 29 23:20:25.213309 2025] [security2:error] [pid 26243:tid 26243] [client 2a0b:f4c2::2:55776] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.karenbernsteinlaw.com"] [uri "/wp-config.php.zip"] [unique_id "aLJt-RYavmZXv-LR-yvd3gAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-08-26 11:01:23
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 26 07:01:17.939273 2025] [security2:error] [pid 24344:tid 24344] [client 2a0b:f4c2::2:43576] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||abcollie.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "abcollie.com"] [uri "/e.sql"] [unique_id "aK2T_TE5BxWsDDPOACIA2AAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
LRob
2025-08-26 09:30:29
(10 months ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
π©πͺ
SCHAPPY
2025-08-23 12:47:18
(10 months ago)
Brute-force attack to identify web exploits
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2025-08-23 01:23:58
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 22 21:23:50.741550 2025] [security2:error] [pid 5613:tid 5613] [client 2a0b:f4c2::2:61492] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||theabstractpress.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "theabstractpress.com"] [uri "/actpress.sql"] [unique_id "aKkYJrKnYJ3ySebM_xmbOAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-08-22 01:24:35
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::2 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 21 21:24:31.142018 2025] [security2:error] [pid 8987:tid 8987] [client 2a0b:f4c2::2:15714] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nihlabs.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nihlabs.org"] [uri "/wordpress.sql"] [unique_id "aKfGzzQxTywR2vMgQgrFyQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack