|
π¬π§
consul.to
|
|
Web attack/malicious scanning detected
|
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 13:20:22.884950 2026] [security2:error] [pid 15870:tid 15870] [client 151.240.55.190:48435] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.searchenginesubmit.org|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.searchenginesubmit.org"] [uri "/"] [unique_id "aihLVooDjE2jugyBDA8jqwAAAAY"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 12:14:48.931373 2026] [security2:error] [pid 12645:tid 12645] [client 151.240.55.190:27463] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.rockwaychiropractic.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.rockwaychiropractic.com"] [uri "/"] [unique_id "aig7-NgKoDN55yA7NlEM5wAAAAU"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 14:56:32.304178 2026] [security2:error] [pid 26694:tid 26694] [client 151.240.55.190:37765] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.barbaraedidin.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.barbaraedidin.com"] [uri "/"] [unique_id "aicQYN36ur8gguPOvHgINAAAAAE"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
π©πͺ
ghostwarriors
|
|
Webpage scraping
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 20:26:20.459636 2026] [security2:error] [pid 27316:tid 27316] [client 151.240.55.190:27737] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.fgrotary.org|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.fgrotary.org"] [uri "/"] [unique_id "aiS6rC-5N5nxyRUY1C46dwAAABU"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 11:05:32.101109 2026] [security2:error] [pid 21398:tid 21398] [client 151.240.55.190:51225] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.webdryer.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.webdryer.com"] [uri "/"] [unique_id "aiQ3PKeskRp6u-aeUCq05wAAABg"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 03:51:49.650418 2026] [security2:error] [pid 4913:tid 4913] [client 151.240.55.190:31801] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||cmgpartners.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cmgpartners.com"] [uri "/transformation/"] [unique_id "aiPRlbk8WtIxfXHUW58zcwAAAAs"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
π©πͺ
LRob
|
|
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
|
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 18:13:50.026356 2026] [security2:error] [pid 4894:tid 4894] [client 151.240.55.190:21919] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.bluemarineboats.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bluemarineboats.com"] [uri "/robots.txt"] [unique_id "aiNKHtyh5MnkZjU9UUds3wAAABw"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
π©πͺ
ghostwarriors
|
|
Webpage scraping
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 11:09:12.529271 2026] [security2:error] [pid 4047:tid 4047] [client 151.240.55.190:21113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||barigby.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "barigby.com"] [uri "/robots.txt"] [unique_id "aiLmmKuXVWksyZ9YtSV7jQAAAAw"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 07:14:22.456390 2026] [security2:error] [pid 15661:tid 15661] [client 151.240.55.190:23623] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.madrigalscripts.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.madrigalscripts.com"] [uri "/"] [unique_id "aiKvjgPwtl2jGWADsB_k1wAAABI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 08:38:26.952071 2026] [security2:error] [pid 25274:tid 25274] [client 151.240.55.190:59633] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.mosheimlib.org|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mosheimlib.org"] [uri "/"] [unique_id "aiFxwlECMltdD6tsnKFBswAAABg"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 151.240.55.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 04:00:26.477154 2026] [security2:error] [pid 32444:tid 32444] [client 151.240.55.190:50195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.studioyau.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.studioyau.com"] [uri "/"] [unique_id "aiEwmuNkNF49p4i5HUbcHwAAABQ"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|