๐บ๐ธ
TPI-Abuse
2026-07-09 13:51:37
(16 hours ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 09:51:31.099010 2026] [security2:error] [pid 22820:tid 22820] [client 180.153.236.16:36128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.stationrestaurant.ca|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.stationrestaurant.ca"] [uri "/"] [unique_id "ak-nYzvxHcvI2Ojft_CkGQAAAAg"], referer: http://www.stationrestaurant.ca/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-07-05 14:40:03
(4 days ago)
[Mon Jul 06 00:40:02.221999 2026] [security2:error] [pid 923426] [client 180.153.236.16:3414] [clien ...
show more
[Mon Jul 06 00:40:02.221999 2026] [security2:error] [pid 923426] [client 180.153.236.16:3414] [client 180.153.236.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/"] [unique_id "akpswrIguWlktG8Pmal1tgAAAAI"], referer: https://valueaddedpromotions.com.au/
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 08:48:17
(4 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 04:48:13.103433 2026] [security2:error] [pid 19977:tid 19977] [client 180.153.236.16:2396] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.alsetsystems.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.alsetsystems.com"] [uri "/"] [unique_id "akoaTRrAWMIHjp6MyVidnwAAAAE"], referer: https://www.alsetsystems.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 08:14:55
(4 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 04:14:51.133075 2026] [security2:error] [pid 6109:tid 6109] [client 180.153.236.16:24568] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.doctorc.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.doctorc.net"] [uri "/"] [unique_id "akoSe5FxYRzpp2Mrl0xR7AAAAAo"], referer: http://www.doctorc.net/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 06:00:26
(5 days ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 02:00:19.467182 2026] [security2:error] [pid 27744:tid 27744] [client 180.153.236.16:55784] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.vplow.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.vplow.com"] [uri "/"] [unique_id "akny8w3mdM-M2TontSfM6wAAABE"], referer: http://www.vplow.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-03 06:47:46
(6 days ago)
Blocked by ModSec and CSF
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-02 06:56:43
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 02:56:36.552124 2026] [security2:error] [pid 12379:tid 12379] [client 180.153.236.16:46878] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||saltcityprint.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "saltcityprint.com"] [uri "/"] [unique_id "akYLpMQ1DYNNqhGQ2z09-QAAAAY"], referer: http://saltcityprint.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 05:30:34
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 01:30:28.002843 2026] [security2:error] [pid 24074:tid 24095] [client 180.153.236.16:18728] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||aapm.info|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aapm.info"] [uri "/"] [unique_id "akX3czNhLfRaa3XHN8AqTAAAARI"], referer: https://aapm.info/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 11:49:45
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:49:40.002656 2026] [security2:error] [pid 4578:tid 4578] [client 180.153.236.16:36502] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||femdomchatbot.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "femdomchatbot.com"] [uri "/"] [unique_id "akJb0xCh2h6I_nub0DHQzwAAAAM"], referer: https://femdomchatbot.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 12:46:04
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 08:45:57.122060 2026] [security2:error] [pid 4185:tid 4185] [client 180.153.236.16:20554] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.concertosupport.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.concertosupport.com"] [uri "/"] [unique_id "akEXhUWWnd4aWeR39HOoLgAAAAA"], referer: http://www.concertosupport.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 07:04:29
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:04:23.146256 2026] [security2:error] [pid 8370:tid 8370] [client 180.153.236.16:32298] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.poulsoncustomhomes.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.poulsoncustomhomes.com"] [uri "/"] [unique_id "akDHd-Npbv8YZqC3-UzPJgAAAB8"], referer: http://www.poulsoncustomhomes.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 06:30:39
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 02:30:31.983562 2026] [security2:error] [pid 2583:tid 2583] [client 180.153.236.16:8464] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.miles2go.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.miles2go.net"] [uri "/index.htm"] [unique_id "akC_h36Waj5sS1Kst3DMAgAAAAM"], referer: http://www.miles2go.net/index.htm
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 05:54:14
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 01:54:10.389343 2026] [security2:error] [pid 17089:tid 17089] [client 180.153.236.16:25744] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.egret.us|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.egret.us"] [uri "/"] [unique_id "akC3AjXfcerL5nxAS_F6LwAAABY"], referer: http://www.egret.us/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 13:24:27
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 09:24:19.495672 2026] [security2:error] [pid 31224:tid 31224] [client 180.153.236.16:37976] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||marlinlee.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "marlinlee.com"] [uri "/"] [unique_id "aj59g5sqQZ3H5f3NnyZWoAAAAAI"], referer: http://marlinlee.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 16:15:44
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 180.153.236.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 12:15:39.410253 2026] [security2:error] [pid 32524:tid 32546] [client 180.153.236.16:8052] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.munatseng.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.munatseng.org"] [uri "/"] [unique_id "aj1UK0JwguqnXa6FZp5LxgAAARM"], referer: https://www.munatseng.org/
show less
Brute-Force
Bad Web Bot
Web App Attack