TPI-Abuse
2025-03-26 20:58:58
(23 hours ago)
(mod_security) mod_security (id:210831) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 26 16:58:53.785482 2025] [security2:error] [pid 2384464:tid 2384464] [client 95.168.173.143:50882] [client 95.168.173.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.frickandfracks.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.frickandfracks.com"] [uri "/"] [unique_id "Z-RqjZIzldlOYHeqedkK1wAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2025-03-26 18:30:41
(1 day ago)
144 requests to */wp-comments-post.php
Brute-Force
Bad Web Bot
TPI-Abuse
2025-03-25 22:45:10
(1 day ago)
(mod_security) mod_security (id:210831) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 25 18:45:06.779428 2025] [security2:error] [pid 4415:tid 4415] [client 95.168.173.143:40990] [client 95.168.173.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.afdfurniture.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.afdfurniture.com"] [uri "/robots.txt"] [unique_id "Z-Mx8veygkqtsKxkKFt_dAAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
niceshops.com
2025-03-24 18:01:44
(3 days ago)
Web Attack ([24/Mar/2025:19:00:32 +0100] )
Brute-Force
Bad Web Bot
Web App Attack
2025-03-23 19:50:33
(4 days ago)
Fail2ban block
Brute-Force
TPI-Abuse
2025-03-22 19:40:47
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 15:40:40.902911 2025] [security2:error] [pid 24082:tid 24082] [client 95.168.173.143:56338] [client 95.168.173.143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bergenoaks.com"] [uri "/wp-config.php_old2017"] [unique_id "Z98SOMDDAxMsTwg33KbXUgAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-03-22 09:19:14
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 05:19:08.409631 2025] [security2:error] [pid 4258:tid 4258] [client 95.168.173.143:45054] [client 95.168.173.143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adlabsnetworks.net"] [uri "/wp-config.php6"] [unique_id "Z96AjOzxmYh6QQqQ3I_QPgAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
oncord
2025-03-22 01:53:03
(5 days ago)
Form spam
Web Spam
lid3rc
2025-03-21 09:18:20
(6 days ago)
According to the AbuseIPDB risk analysis, the IP address is too high risk.
Web App Attack
BlueWire Hosting
2025-03-19 21:10:15
(1 week ago)
Probing for application vulnerabilities
Brute-Force
Web App Attack
polycoda
2025-03-19 17:13:58
(1 week ago)
📄 Probes for tons of inexistent files and/or PHP scripts
Hacking
Web App Attack
MAGIC
2025-03-19 16:01:33
(1 week ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Packets-Decreaser.NET
2025-03-18 09:58:04
(1 week ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
TPI-Abuse
2025-03-15 19:06:54
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 95.168.173.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 15 15:06:46.509865 2025] [security2:error] [pid 3927302:tid 3927302] [client 95.168.173.143:53746] [client 95.168.173.143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drgracetomastolentino.com"] [uri "/wp-config.php2"] [unique_id "Z9XPxjT-0EP1MFEiyvsHmQAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
oncord
2025-03-15 12:46:53
(1 week ago)
Form spam
Web Spam
Netherlands