๐ฆ๐บ
MAGIC
2026-07-06 00:03:57
(21 hours ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-02 15:24:28
(4 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 11:24:21.662270 2026] [security2:error] [pid 18922:tid 18922] [client 180.153.236.10:63296] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.watongalodging.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.watongalodging.com"] [uri "/"] [unique_id "akaCpRclRg_7GBeU7hAo3AAAAAc"], referer: https://www.watongalodging.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 05:45:00
(4 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 01:44:53.562648 2026] [security2:error] [pid 3206:tid 3209] [client 180.153.236.10:45098] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.callaplusfirst.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.callaplusfirst.com"] [uri "/"] [unique_id "akX61dGDhJx0-OUTgc9gMQAAAMA"], referer: https://www.callaplusfirst.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ท
setupgr
2026-06-29 13:16:22
(1 week ago)
(mod_security) mod_security (id:100011) triggered by 180.153.236.10 (CN/China/Shanghai/Shanghai/-/[A ...
show more
(mod_security) mod_security (id:100011) triggered by 180.153.236.10 (CN/China/Shanghai/Shanghai/-/[AS4811 CHINANET-SHANGHAI-MAN China Telecom Group]): 1 in the last 86400 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Jun 29 16:16:19.774600 2026] [security2:error] [pid 2045675:tid 2045757] [remote 180.153.236.10:60832] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "CN" at GEO:COUNTRY_CODE. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "62"] [id "100011"] [msg "Traffic from CN/SG blocked for ftiaxtomonosou.gr"] [hostname "ftiaxtomonosou.gr"] [uri "/403.shtml"] [unique_id "akJwI2FllzZqv0jiSLUbKwABwRU"], referer: https://ftiaxtomonosou.gr/403.shtml
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-29 13:15:52
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:15:44.925010 2026] [security2:error] [pid 25950:tid 25950] [client 180.153.236.10:7820] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||wsdtc.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "wsdtc.net"] [uri "/"] [unique_id "akJwAAVo9AL9_qRgA9OJ_QAAABM"], referer: https://wsdtc.net/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 11:07:32
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:07:26.082754 2026] [security2:error] [pid 21235:tid 21235] [client 180.153.236.10:21136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||joescherzi.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "joescherzi.com"] [uri "/"] [unique_id "akJR7rHoFiLuXO9l-poxowAAAAY"], referer: http://joescherzi.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-06-29 07:21:06
(1 week ago)
[Mon Jun 29 17:21:05.579564 2026] [security2:error] [pid 81778] [client 180.153.236.10:6000] [client ...
show more
[Mon Jun 29 17:21:05.579564 2026] [security2:error] [pid 81778] [client 180.153.236.10:6000] [client 180.153.236.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "winesbydesign.com.au"] [uri "/"] [unique_id "akIc4Vg5hbGKPGKzbeXa4wAAAAo"], referer: https://winesbydesign.com.au//
...
show less
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-06-28 22:22:48
(1 week ago)
[Mon Jun 29 08:22:48.486803 2026] [security2:error] [pid 33416] [client 180.153.236.10:12752] [clien ...
show more
[Mon Jun 29 08:22:48.486803 2026] [security2:error] [pid 33416] [client 180.153.236.10:12752] [client 180.153.236.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "paulshipley.com.au"] [uri "/"] [unique_id "akGeuHarQBiGmEj062KgaQAAAAQ"], referer: https://paulshipley.com.au/
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 09:33:04
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 05:32:55.255093 2026] [security2:error] [pid 27210:tid 27210] [client 180.153.236.10:9238] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||safetyfastclub.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "safetyfastclub.com"] [uri "/"] [unique_id "akDqRxVS3P7RnlB13TJqHAAAAA0"], referer: http://safetyfastclub.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 07:10:54
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:10:50.238753 2026] [security2:error] [pid 11196:tid 11196] [client 180.153.236.10:25120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||chatgptfrance.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "chatgptfrance.net"] [uri "/"] [unique_id "akDI-sXkl3Rh86-sPcuMGwAAAAE"], referer: https://chatgptfrance.net/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ณ
Peter Yu
2026-06-26 21:38:12
(1 week ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 17:14:54
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 13:14:48.534163 2026] [security2:error] [pid 22659:tid 22659] [client 180.153.236.10:6574] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||theateroobleck.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "theateroobleck.com"] [uri "/"] [unique_id "aj6ziBlFPaOrfWM5Y4dKNQAAABY"], referer: https://theateroobleck.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 21:30:43
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 17:30:37.824345 2026] [security2:error] [pid 18326:tid 18326] [client 180.153.236.10:4922] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.newisci.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.newisci.org"] [uri "/index.html"] [unique_id "aj2d_dYIjhYilwGvmO3YKwAAAAE"], referer: https://www.newisci.org/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 08:15:56
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 04:15:49.827022 2026] [security2:error] [pid 4890:tid 4910] [client 180.153.236.10:23924] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||kcscomputer.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kcscomputer.com"] [uri "/"] [unique_id "ajzjtXxoEtdEch9YRziPvAAAAFI"], referer: http://kcscomputer.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 07:59:06
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.10 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 03:59:03.348399 2026] [security2:error] [pid 27298:tid 27298] [client 180.153.236.10:4114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.e-zschedule.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.e-zschedule.com"] [uri "/"] [unique_id "ajzfx-8WwVhhazmWZ9pr5AAAABE"], referer: http://www.e-zschedule.com/
show less
Brute-Force
Bad Web Bot
Web App Attack