Abuse complaints

195.133.84.14:
2026-05-25 18:01. Categories: Hacking, Web App Attack.
Comment: 195.133.84.14 – – [25/May/2026:18:56:18 +0100] “GET /42011e01a9d5.php HTTP/1.1” 404 49697 “https://4x4response.uk/ajax/render/widget_tabbedcontainer_tab_panel” “Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 10.0; Win64; x64; Trident/6.0)”
195.133.84.14 – – [25/May/2026:18:56:45 +0100] “GET /42011e01a9d5.php HTTP/1.1” 404 49697 “https://4x4response.uk/ajax/render/widget_tabbedcontainer_tab_panel” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:48.0) Gecko/20100101 Firefox/48.0”
195.133.84.14 – – [25/May/2026:19:01:47 +0100] “GET /42011e01a9d5.php HTTP/1.1” 404 49697 “https://4x4response.uk/ajax/render/widget_tabbedcontainer_tab_panel” “Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2977.11 Safari/537.36” …
2026-05-25 17:02. Categories: Port Scan, Brute-Force, Web App Attack.
Comment: [MonMay2519:01:56.7520482026][security2:error][pid210488:tid210566][client195.133.84.14:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\”/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\”][line\”94\”][id\”949110\”][msg\”InboundAnomalyScoreExceeded\(TotalScore:5\)\”][severity\”CRITICAL\”][ver\”OWASP_CRS/3.3.9\”][tag\”application-multi\”][tag\”language-multi\”][tag\”platform-multi\”][tag\”attack-generic\”][hostname\”kiteinvest.ch\”][uri\”/media/astroid/css/debug.css\”][unique_id\”ahSAhM6j0qOXUKbOXtXouAAAAJA\”]\,referer:https://kiteinvest.ch/
2026-05-25 16:00. Categories: Brute-Force, Bad Web Bot, Web App Attack.
Comment: (mod_security) mod_security (id:210730) triggered by 195.133.84.14 (vde.rudayz.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 12:00:23.856943 2026] [security2:error] [pid 30078:tid 30078] [client 195.133.84.14:58732] ModSecurity: Access denied with code 403 (phase 2). Match of “pmFromFile userdata_wl_extensions” against “TX:extension” required. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf”] [line “27”] [id “210730”] [rev “5”] [msg “COMODO WAF: URL file extension is restricted by policy||www.kellermoving.com|F|2”] [data “.astroid.ini”] [severity “CRITICAL”] [tag “CWAF”] [tag “HTTP”] [hostname “www.kellermoving.com”] [uri “/language/en-GB/en-GB.astroid.ini”] [unique_id “ahRyF1ayWFT-GifnSgOwggAAAB0”], referer: http://www.kellermoving.com/media/astroid/css/debug.css
2026-05-25 15:36. Categories: Brute-Force, Bad Web Bot, Web App Attack.
Comment: (mod_security) mod_security (id:210730) triggered by 195.133.84.14 (vde.rudayz.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 11:36:49.873627 2026] [security2:error] [pid 21005:tid 21005] [client 195.133.84.14:34296] ModSecurity: Access denied with code 403 (phase 2). Match of “pmFromFile userdata_wl_extensions” against “TX:extension” required. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf”] [line “27”] [id “210730”] [rev “5”] [msg “COMODO WAF: URL file extension is restricted by policy||kathiepontinen.seizetheseason.com|F|2”] [data “.astroid.ini”] [severity “CRITICAL”] [tag “CWAF”] [tag “HTTP”] [hostname “kathiepontinen.seizetheseason.com”] [uri “/language/en-GB/en-GB.astroid.ini”] [unique_id “ahRskSVM0DjuReQ-8AcXyQAAAAI”], referer: http://kathiepontinen.seizetheseason.com/media/astroid/css/debug.css
2026-05-25 15:24. Categories: Web App Attack, Hacking.
Comment: Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.
2026-05-25 14:38. Categories: Brute-Force, Bad Web Bot, Web App Attack.
Comment: (mod_security) mod_security (id:210730) triggered by 195.133.84.14 (gw-de.rudayz.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 10:38:24.178184 2026] [security2:error] [pid 24790:tid 24790] [client 195.133.84.14:34730] ModSecurity: Access denied with code 403 (phase 2). Match of “pmFromFile userdata_wl_extensions” against “TX:extension” required. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf”] [line “27”] [id “210730”] [rev “5”] [msg “COMODO WAF: URL file extension is restricted by policy||jwwsb.jaspercity.com|F|2”] [data “.astroid.ini”] [severity “CRITICAL”] [tag “CWAF”] [tag “HTTP”] [hostname “jwwsb.jaspercity.com”] [uri “/language/en-GB/en-GB.astroid.ini”] [unique_id “ahRe4AKuknW-Ep9Csc4yygAAAAY”], referer: https://jwwsb.jaspercity.com/media/astroid/css/debug.css
2026-05-25 13:47. Categories: Web App Attack.
Comment: Web App Attack
2026-05-25 13:42. Categories: Brute-Force, Bad Web Bot, Web App Attack.
Comment: (mod_security) mod_security (id:210730) triggered by 195.133.84.14 (gw-de.rudayz.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 09:42:53.176492 2026] [security2:error] [pid 14452:tid 14452] [client 195.133.84.14:38746] ModSecurity: Access denied with code 403 (phase 2). Match of “pmFromFile userdata_wl_extensions” against “TX:extension” required. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf”] [line “27”] [id “210730”] [rev “5”] [msg “COMODO WAF: URL file extension is restricted by policy||lisalehmann.com|F|2”] [data “.astroid.ini”] [severity “CRITICAL”] [tag “CWAF”] [tag “HTTP”] [hostname “lisalehmann.com”] [uri “/language/en-GB/en-GB.astroid.ini”] [unique_id “ahRR3YfSnQfZkOlyxdlTggAAABQ”], referer: http://lisalehmann.com/media/astroid/css/debug.css
2026-05-25 13:31. Categories: Web App Attack.
Comment: Excessive failed CAPTCHA attempts (CAPTCHA DoS)
2026-05-25 13:26. Categories: Brute-Force, Bad Web Bot, Web App Attack.
Comment: (mod_security) mod_security (id:210730) triggered by 195.133.84.14 (gw-de.rudayz.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 09:26:14.631479 2026] [security2:error] [pid 22317:tid 22317] [client 195.133.84.14:49384] ModSecurity: Access denied with code 403 (phase 2). Match of “pmFromFile userdata_wl_extensions” against “TX:extension” required. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf”] [line “27”] [id “210730”] [rev “5”] [msg “COMODO WAF: URL file extension is restricted by policy||jkperis.com|F|2”] [data “.astroid.ini”] [severity “CRITICAL”] [tag “CWAF”] [tag “HTTP”] [hostname “jkperis.com”] [uri “/language/en-GB/en-GB.astroid.ini”] [unique_id “ahRN9lUbqkLksk9pXSJlkAAAAAA”], referer: https://jkperis.com/media/astroid/css/debug.css
2026-05-25 12:53. Categories: Hacking, Brute-Force.
Comment: Automated report / Unauthorized login attempts
2026-05-25 12:13. Categories: Brute-Force, Bad Web Bot, Web App Attack.
Comment: 23 attempts against mh_ha-misbehave-ban on ec102967
2026-05-25 11:57. Categories: Hacking, Web App Attack.
Comment: [MonMay2513:57:47.8512432026][security2:error][pid495757:tid496078][client195.133.84.14:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\”/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\”][line\”94\”][id\”949110\”][msg\”InboundAnomalyScoreExceeded\(TotalScore:5\)\”][severity\”CRITICAL\”][ver\”OWASP_CRS/3.3.9\”][tag\”application-multi\”][tag\”language-multi\”][tag\”platform-multi\”][tag\”attack-generic\”][hostname\”aid-consultancy.com\”][uri\”/plugins/system/nrframework/nrframework.xml\”][unique_id\”ahQ5O5mxl1WdCPIWVga5xAAAANg\”]
2026-05-25 11:19. Categories: Hacking.
Comment: sce-Joomla Admin : try to force the door…
2026-05-25 09:47. Categories: Web App Attack.
Comment: Multiple WAF Violations
2026-05-25 09:44. Categories: Hacking.
Comment: doe-Joomla Admin : try to force the door…
2026-05-25 08:58. Categories: Hacking.
Comment: vee-Joomla Admin : try to force the door…
2026-05-25 08:29. Categories: Web App Attack.
Comment: LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 195.133.84.14 (DE/Germany/gw-de.rudayz.ru): 1 in the last 3600 secs