๐บ๐ธ
ambor
2026-07-02 13:27:28
(4 days ago)
Honeypot triggered: /backup.sql on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x ...
show more
Honeypot triggered: /backup.sql on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36. Method: GET
show less
Web App Attack
๐ซ๐ท
ELYAZ
2026-07-02 11:57:21
(4 days ago)
(y3) Failed access -byebye- from 95.85.78.143 (SG/Singapore/dopad.com): (CF_ENABLE)
Hacking
๐ฉ๐ช
NewWavesApp
2026-07-02 11:34:08
(4 days ago)
(mod_security) mod_security triggered on hostname [redacted] 95.85.78.143 (SG/Singapore/dopad.com): ...
show more
(mod_security) mod_security triggered on hostname [redacted] 95.85.78.143 (SG/Singapore/dopad.com): (CF_ENABLE)
show less
SQL Injection
Anonymous
2026-07-02 11:14:13
(4 days ago)
Bot / seems abusive / Apache connections: 21
DDoS Attack
Web Spam
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-02 09:45:05
(4 days ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-02 08:51:26
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 sec ...
show more
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 04:51:21.190179 2026] [security2:error] [pid 21693:tid 21693] [client 95.85.78.143:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||upskirtcrazy.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "upskirtcrazy.com"] [uri "/database.sql"] [unique_id "akYmif71QCrlVZTU3t-EmQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-02 04:27:43
(4 days ago)
95.85.78.143 - - [02/Jul/2026:04:27:41 +0000] "GET /wp-content/uploads/dump.sql HTTP/2.0" 404 182 "- ...
show more
95.85.78.143 - - [02/Jul/2026:04:27:41 +0000] "GET /wp-content/uploads/dump.sql HTTP/2.0" 404 182 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
Matthew Ping
2026-07-02 02:45:01
(4 days ago)
ModSecurity rule 949110 triggered on dedicated. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
๐ซ๐ท
Baking333
2026-07-02 01:44:03
(4 days ago)
[redacted] 95.85.78.143 - - [02/Jul/2026:02:44:00 +0100] "GET /wp-content/[redacted] HTTP/1.1" 302 1 ...
show more
[redacted] 95.85.78.143 - - [02/Jul/2026:02:44:00 +0100] "GET /wp-content/[redacted] HTTP/1.1" 302 1554 0/112563 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0" [redacted] 95.85.78.143 - - [02/Jul/2026:02:44:01 +0100] "GET /wp-content/uploads/[redacted] HTTP/1.1" 302 6773 0/68414 "-" "Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 22:08:24
(4 days ago)
Blocked by ModSec and CSF
Port Scan
๐ช๐ธ
pipeline.es
2026-07-01 21:12:34
(4 days ago)
Web scanning / probing for vulnerable paths | URL: /data.sql | Evidence: portadembarque.com 95.85.78 ...
show more
Web scanning / probing for vulnerable paths | URL: /data.sql | Evidence: portadembarque.com 95.85.78.143 - - [01/Jul/2026:23:08:08 +0200] \"GET /data.sql HTTP/1.1\" 404 20706 \"-\" \"Mozilla/5.0 (X11; Linux x86_64; rv:1.9.6.20) Gecko/ Firefox/3.6.17\" GEOIP_COUNTRY_CODE=SG | ASN: G-Core Labs S.A. | Country: SG
show less
Port Scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 19:22:07
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 sec ...
show more
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 15:22:00.362628 2026] [security2:error] [pid 31295:tid 31295] [client 95.85.78.143:59606] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||oxysulfur.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oxysulfur.com"] [uri "/temp.sql"] [unique_id "akVo2NoUxGuEzPDkLG0iewAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 16:06:33
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 sec ...
show more
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 12:06:29.798883 2026] [security2:error] [pid 9954:tid 10052] [client 95.85.78.143:56243] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mouserart.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mouserart.com"] [uri "/dbdump.sql"] [unique_id "akU7BfIiNnli2o09F-EwuQAAARg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
NerdyMcNerderson
2026-07-01 13:53:57
(5 days ago)
MarekCloud auto-ban: Bot honeypot: GET /dbdump.sql
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 11:57:44
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 sec ...
show more
(mod_security) mod_security (id:210730) triggered by 95.85.78.143 (dopad.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 07:57:36.789857 2026] [security2:error] [pid 28423:tid 28423] [client 95.85.78.143:62185] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lenorasflowers.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lenorasflowers.com"] [uri "/database.sql"] [unique_id "akUAsAtk5ALvgTrOs6TCRQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack