๐บ๐ธ
TPI-Abuse
2026-06-30 01:26:07
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 21:26:00.281040 2026] [security2:error] [pid 22072:tid 22072] [client 172.69.251.130:10056] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||web15.dnchosting.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "web15.dnchosting.com"] [uri "/tox.ini"] [unique_id "akMbKP9eBqPASRw6iZAPpgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 07:27:08
(3 days ago)
(mod_security) mod_security (id:949110) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:27:01.725559 2026] [security2:error] [pid 31358:tid 31358] [client 172.69.251.130:12119] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "toxicnation.org"] [uri "/tox.ini"] [unique_id "akDMxWqY6kLmfv--AqfqVAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 03:47:33
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 23:47:29.247695 2026] [security2:error] [pid 30470:tid 30470] [client 172.69.251.130:10633] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||thevenicecafe.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thevenicecafe.com"] [uri "/tox.ini"] [unique_id "akCZUT7IoqyAHwdw1vW0QwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-06-27 05:25:02
(4 days ago)
Web vulnerability probing: /__web_secure_probe_1782537902687979099_13
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 01:56:11
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 21:56:04.750223 2026] [security2:error] [pid 10409:tid 10409] [client 172.69.251.130:11458] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ieas.org|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ieas.org"] [uri "/tox.ini"] [unique_id "ajnntHGLnYTiwpRToT6NdgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-21 23:31:49
(1 week ago)
172.69.251.130 - - [22/Jun/2026:02:31:47 +0300] "GET /etc/passwd HTTP/1.1" 404 3344 "-" "Mozilla/5.0 ...
show more
172.69.251.130 - - [22/Jun/2026:02:31:47 +0300] "GET /etc/passwd HTTP/1.1" 404 3344 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.69.251.130 - - [22/Jun/2026:02:31:48 +0300] "GET /etc/passwd HTTP/1.1" 404 762 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 20:27:53
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 16:27:48.705872 2026] [security2:error] [pid 6971:tid 6977] [client 172.69.251.130:9526] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||financialanalyst.org|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "financialanalyst.org"] [uri "/tox.ini"] [unique_id "ajb3xOMzEkAFVd_BwUtQRwAAAUM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
penjaga BRIN
2026-06-18 04:15:14
(1 week ago)
Suspicious malicious activity
Hacking
๐จ๐ฟ
Countryman
2026-06-17 20:59:13
(2 weeks ago)
IPS detection: Web.Server.Password.File.Access
Hacking
๐จ๐ฟ
Countryman
2026-06-17 20:59:13
(2 weeks ago)
IPS detection: Web.Server.Password.File.Access
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-16 16:47:48
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.69.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:47:41.199810 2026] [security2:error] [pid 18861:tid 18861] [client 172.69.251.130:13322] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "art.mavikalem.org"] [uri "/.htaccess"] [unique_id "ajF-LdpYHfP7Xs1Y8oj63wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
pixiekat
2026-06-16 10:49:25
(2 weeks ago)
[Tue Jun 16 11:49:03.613297 2026] [authz_core:error] [pid 14288:tid 14352] [remote 172.69.251.130:13 ...
show more
[Tue Jun 16 11:49:03.613297 2026] [authz_core:error] [pid 14288:tid 14352] [remote 172.69.251.130:13984] AH01630: client denied by server configuration: /mnt/HC_Volume_105148208/vhosts/matomo/.htaccess
[Tue Jun 16 11:49:04.145629 2026] [authz_core:error] [pid 14288:tid 14356] [remote 172.69.251.130:13984] AH01630: client denied by server configuration: /mnt/HC_Volume_105148208/vhosts/matomo/.DS_Store
[Tue Jun 16 11:49:04.492771 2026] [authz_core:error] [pid 14288:tid 14357] [remote 172.69.251.130:13984] AH01630: client denied by server configuration: /mnt/HC_Volume_105148208/vhosts/matomo/.DS_Store
[Tue Jun 16 11:49:24.685913 2026] [authz_core:error] [pid 14288:tid 14338] [remote 172.69.251.130:13984] AH01630: client denied by server configuration: /mnt/HC_Volume_105148208/vhosts/matomo/.babelrc
[Tue Jun 16 11:49:25.073976 2026] [authz_core:error] [pid 14288:tid 14347] [remote 172.69.251.130:13984] AH01630: client denied by server configuration: /mnt/HC_Volume_105148208/vhosts/matomo/.
...
show less
Brute-Force
๐ฆ๐น
penguin-solutions.at
2026-06-12 00:27:26
(2 weeks ago)
Excessive 403/404 errors
...
Brute-Force
Web App Attack
๐ฉ๐ช
bescared
2026-05-14 18:49:21
(1 month ago)
F2B - Malicious activity detected. URL Probing. -8ff06ede-
Hacking
Bad Web Bot
Web App Attack
Anonymous
2024-11-10 12:42:56
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH