๐บ๐ธ
TPI-Abuse
2026-07-16 13:20:03
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:19:54.512241 2026] [security2:error] [pid 22102:tid 22102] [client 8.219.252.25:44274] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mtbpv.org"] [uri "/.env.local"] [unique_id "aljaesx66Ml5x_lhZe4zJgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-16 13:19:26
(9 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 12:59:29
(9 hours ago)
(mod_security) mod_security (id:210730) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 08:59:19.439016 2026] [security2:error] [pid 4039:tid 4044] [client 8.219.252.25:40628] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.biblewriter.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.biblewriter.com"] [uri "/database.sql"] [unique_id "aljVp4wMp0-V_8WfygvclQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 19:34:19
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 15:34:11.167954 2026] [security2:error] [pid 30091:tid 30091] [client 8.219.252.25:35874] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.voodooshop.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.voodooshop.com"] [uri "/voodoofest.html/db.sql"] [unique_id "alfgs1Ah2hUa_emgkJXZwgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 17:54:07
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 8.219.252.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 13:53:58.028207 2026] [security2:error] [pid 13294:tid 13294] [client 8.219.252.25:51806] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ruralroutes.ca|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ruralroutes.ca"] [uri "/database.sql"] [unique_id "alfJNqvSSNlESGHksuykBgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-15 17:05:18
(1 day ago)
Web attack/malicious scanning detected
Web App Attack
๐ณ๐ฑ
Linuxmalwarehuntingnl
2024-07-01 10:36:29
(2 years ago)
Unauthorized connection attempt
Brute-Force
๐จ๐ฆ
Largnet SOC
2024-06-04 05:28:30
(2 years ago)
8.219.252.25 triggered Icarus honeypot on port 1433. Check us out on github.
Port Scan
Hacking
๐บ๐ธ
Hobby Bob
2024-06-03 01:11:20
(2 years ago)
Jun 3 03:11:19 server dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=, rip=8. ...
show more
Jun 3 03:11:19 server dovecot: imap-login: Disconnected (no auth attempts in 10 secs): user=, rip=8.219.252.25, lip=X.X.X.X session=
show less
Port Scan
Hacking
๐ธ๐ฌ
drewf.ink
2024-05-31 20:28:08
(2 years ago)
[20:28] Port scanning. Port(s) scanned: TCP/8008
Port Scan
๐บ๐ธ
NXTwoThou
2024-05-30 22:21:37
(2 years ago)
POP3
Port Scan
๐ฎ๐ฉ
penjaga BRIN
2024-02-15 23:00:05
(2 years ago)
Port Scanning
Port Scan
๐ฎ๐ฉ
penjaga BRIN
2024-02-10 04:00:05
(2 years ago)
Port Scanning
Port Scan