๐บ๐ธ
TPI-Abuse
2026-07-03 10:59:15
(1 day ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:59:09.450707 2026] [security2:error] [pid 20446:tid 20446] [client 180.153.236.110:33819] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.tribwatch.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.tribwatch.com"] [uri "/"] [unique_id "akeV_TdtKBLGbGiRKa_Q6wAAABA"], referer: https://www.tribwatch.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-07-03 08:38:04
(1 day ago)
[Fri Jul 03 18:38:04.380151 2026] [security2:error] [pid 622860] [client 180.153.236.110:48313] [cli ...
show more
[Fri Jul 03 18:38:04.380151 2026] [security2:error] [pid 622860] [client 180.153.236.110:48313] [client 180.153.236.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "winesbydesign.com.au"] [uri "/"] [unique_id "akd07JhNZ4iPTPSRiPSB2AAAAAE"], referer: https://winesbydesign.com.au//
...
show less
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-07-02 10:14:21
(2 days ago)
[Thu Jul 02 20:14:20.779587 2026] [security2:error] [pid 484608] [client 180.153.236.110:6629] [clie ...
show more
[Thu Jul 02 20:14:20.779587 2026] [security2:error] [pid 484608] [client 180.153.236.110:6629] [client 180.153.236.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/"] [unique_id "akY5_F0buHp7Du2W7niq0wAAAAQ"], referer: https://valueaddedpromotions.com.au/
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 08:35:32
(2 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 04:35:27.663527 2026] [security2:error] [pid 15761:tid 15761] [client 180.153.236.110:58849] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.otraes.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.otraes.com"] [uri "/"] [unique_id "akYiz2VUo2S32vtEKi1rYAAAABI"], referer: https://www.otraes.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 14:53:00
(5 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 10:52:51.868159 2026] [security2:error] [pid 14511:tid 14511] [client 180.153.236.110:1103] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||czarcrestwesties.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "czarcrestwesties.com"] [uri "/"] [unique_id "akKGw1buV1AgM9BwSgJX6wAAAAk"], referer: https://czarcrestwesties.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 13:11:00
(5 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:10:57.845061 2026] [security2:error] [pid 13083:tid 13090] [client 180.153.236.110:42475] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||nesso.es|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "nesso.es"] [uri "/"] [unique_id "akJu4VFj7tatVV5EQ517pQAAAEU"], referer: https://nesso.es/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 11:58:07
(5 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:58:02.587888 2026] [security2:error] [pid 22965:tid 22965] [client 180.153.236.110:9743] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||ellestark.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ellestark.com"] [uri "/"] [unique_id "akJdyjeKV5aiXhuzqKWLPwAAAAQ"], referer: http://ellestark.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 10:59:41
(5 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 06:59:34.903905 2026] [security2:error] [pid 16906:tid 16906] [client 180.153.236.110:21845] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||doctorbalog.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "doctorbalog.com"] [uri "/"] [unique_id "akJQFl8MJ9r6ZnNIfVcCBQAAAAA"], referer: https://doctorbalog.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 22:16:20
(6 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 18:16:13.163312 2026] [security2:error] [pid 19781:tid 19781] [client 180.153.236.110:43957] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.kidswow.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kidswow.com"] [uri "/"] [unique_id "akGdLZVutxbNy_EZOxVIhQAAAAQ"], referer: https://www.kidswow.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 11:51:39
(6 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 07:51:33.767060 2026] [security2:error] [pid 30864:tid 30864] [client 180.153.236.110:11885] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||pamelaweisberg.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "pamelaweisberg.com"] [uri "/"] [unique_id "akEKxbLcCerGdTzN7_D7HwAAAAA"], referer: http://pamelaweisberg.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 10:06:35
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 06:06:30.093664 2026] [security2:error] [pid 27452:tid 27452] [client 180.153.236.110:20285] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||comitedelafamille.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "comitedelafamille.org"] [uri "/"] [unique_id "ajz9poj7JRZX45hr0wUWlgAAABg"], referer: https://comitedelafamille.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 09:45:55
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 05:45:51.171852 2026] [security2:error] [pid 11630:tid 11630] [client 180.153.236.110:24567] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.naomipyle.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.naomipyle.com"] [uri "/"] [unique_id "ajz4z6iQgaxea7qPS57QtgAAABc"], referer: http://www.naomipyle.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 07:00:05
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:59:57.031656 2026] [security2:error] [pid 9941:tid 10047] [client 180.153.236.110:10303] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.ceol.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ceol.com"] [uri "/"] [unique_id "ajzR7YRBpkIiz8YpeU4Q-QAAANU"], referer: https://www.ceol.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 05:32:44
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 01:32:36.793277 2026] [security2:error] [pid 13614:tid 13614] [client 180.153.236.110:35949] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||aandsmetal.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aandsmetal.com"] [uri "/"] [unique_id "ajy9dDvsm5Y4jUOeFtRfyAAAAAk"], referer: https://aandsmetal.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 17:24:55
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:24:48.871393 2026] [security2:error] [pid 13984:tid 13984] [client 180.153.236.110:32885] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.financesf.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.financesf.com"] [uri "/"] [unique_id "ajgeYAMkXzF3nD2Yw1rWtwAAAA4"], referer: https://www.financesf.com/
show less
Brute-Force
Bad Web Bot
Web App Attack