πΊπΈ
TPI-Abuse
2026-03-06 21:03:32
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 06 16:03:25.603382 2026] [security2:error] [pid 21450:tid 21450] [client 61.97.187.18:33706] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ik3co.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ik3co.com"] [uri "/bkp.bak"] [unique_id "aatBHa06hmFL2k-o0QO2tAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
FABIO EGAS
2026-03-06 17:55:56
(4 months ago)
(mod_security) mod_security triggered on hostname [redacted] 61.97.187.18 (KR/South Korea/-)
SQL Injection
π«π·
dynamix
2026-03-02 10:52:49
(4 months ago)
Multiple WAF Violations
Web App Attack
π³π±
Mangelot Hosting
2026-03-01 02:46:26
(4 months ago)
(PERMBLOCK) 61.97.187.18 (KR/South Korea/-) has had more than 4 temp blocks in the last 86400 secs; ...
show more
(PERMBLOCK) 61.97.187.18 (KR/South Korea/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs:
show less
Port Scan
π³π±
Mangelot Hosting
2026-03-01 00:43:31
(4 months ago)
(db_admin_scan) srv102 DB admin scan 61.97.187.18 (KR/South Korea/-): 1 in the last 3600 secs; Ports ...
show more
(db_admin_scan) srv102 DB admin scan 61.97.187.18 (KR/South Korea/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
πͺπΈ
robotstxt
2026-02-27 11:07:21
(4 months ago)
61.97.187.18 - - [27/Feb/2026:11:04:27 +0000] "GET /phpMyAdmin5.2.1 HTTP/1.1" 404 11217 "https://wpg ...
show more
61.97.187.18 - - [27/Feb/2026:11:04:27 +0000] "GET /phpMyAdmin5.2.1 HTTP/1.1" 404 11217 "https://wpgramenet.com/phpMyAdmin5.2.1" rt="0.127" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.201 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "35.247.243.251" h="www.wpgramenet.com" sn="www.wpgramenet.com" ru="/phpMyAdmin5.2.1" u="/index.php" ucs="-" ua="unix:/var/run/php/wpgramenet82.sock" us="404" uct="0.000" urt="0.128"
61.97.187.18 - - [27/Feb/2026:11:04:27 +0000] "GET /phpMyAdmin5.2.1 HTTP/1.1" 404 11217 "https://wpgramenet.com/phpMyAdmin5.2.1" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.201 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "35.247.243.251"
61.97.187.18 - - [27/Feb/2026:11:05:23 +0000] "GET /cgi-bin.bz HTTP/1.1" 404 11217 "https://wpgramenet.com/cgi-bin.bz" rt="0.
...
show less
Bad Web Bot
Anonymous
2026-01-27 16:31:21
(5 months ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
πΊπΈ
TPI-Abuse
2026-01-27 02:41:43
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:41:38.343350 2026] [security2:error] [pid 3329701:tid 3329701] [client 61.97.187.18:38112] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dance4ovations.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dance4ovations.com"] [uri "/master.bak"] [unique_id "aXgl4uy51lFa1LCH02KKKAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-01-27 01:34:14
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 20:34:09.158032 2026] [security2:error] [pid 681370:tid 681404] [client 61.97.187.18:48264] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "olivelawn.com"] [uri "/.env"] [unique_id "aXgWEQdB5cAcKgUc8ppZdQAAANg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΉπ·
rtbh.com.tr
2026-01-26 20:11:14
(5 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
πΊπΈ
TPI-Abuse
2026-01-22 08:08:01
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 03:07:56.034534 2026] [security2:error] [pid 32487:tid 32487] [client 61.97.187.18:35440] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||partybuswhistler.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "partybuswhistler.com"] [uri "/2024.bak"] [unique_id "aXHa3H6FsNdmUI_DmeVowAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-01-15 23:20:32
(5 months ago)
Bot / scanning and/or hacking attempts: GET /server.zip HTTP/1.1, GET /admin/phpmyadmin HTTP/1.1, GE ...
show more
Bot / scanning and/or hacking attempts: GET /server.zip HTTP/1.1, GET /admin/phpmyadmin HTTP/1.1, GET /admin/fckeditor/editor/filemanager/browser/default/browser, GET /on.tar HTTP/1.1, GET /vendor.zip HTTP/1.1
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-01-13 14:14:22
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 13 09:14:18.023097 2026] [security2:error] [pid 25852:tid 25852] [client 61.97.187.18:58094] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||vincetronics.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vincetronics.com"] [uri "/test.bak"] [unique_id "aWZTOtIB8_HFCPzoAgZc0gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
big-cloud.nl
2026-01-12 22:41:32
(5 months ago)
Try to access /.env
Web App Attack
πΊπΈ
TPI-Abuse
2026-01-10 15:46:22
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 61.97.187.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 10 10:46:16.098875 2026] [security2:error] [pid 2690638:tid 2690638] [client 61.97.187.18:41964] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerlinemagazine.com"] [uri "/.env"] [unique_id "aWJ0SORKi-sBYXGxJauA9AAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack