๐บ๐ธ
TPI-Abuse
2026-07-03 21:40:34
(23 hours ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:40:27.727476 2026] [security2:error] [pid 29376:tid 29376] [client 203.91.78.176:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.upskirtcrazy.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.upskirtcrazy.com"] [uri "/okok.cer"] [unique_id "akgsSzr2NAT9hcSSMLL56wAAABY"], referer: http://www.upskirtcrazy.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 04:19:37
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 00:19:29.275926 2026] [security2:error] [pid 6548:tid 6548] [client 203.91.78.176:51493] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kaldaragroup.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kaldaragroup.com"] [uri "/okok.cer"] [unique_id "akc4UaL0s7u6IvlUxk4ovgAAAAQ"], referer: http://www.kaldaragroup.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-03 02:21:30
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 10:26:14
(3 days ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 06:26:09.146366 2026] [security2:error] [pid 9227:tid 9227] [client 203.91.78.176:52950] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nnrentacar.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nnrentacar.com"] [uri "/okok.cer"] [unique_id "akTrQXSOW0EV4asvL8JnuAAAAAY"], referer: http://nnrentacar.com
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 05:15:30
(3 days ago)
Automatically blocked after 11 security events. Observed web-shell or malicious-file probes. Source: ...
show more
Automatically blocked after 11 security events. Observed web-shell or malicious-file probes. Source: Cloudflare security controls.
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 04:03:24
(3 days ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 00:03:18.517723 2026] [security2:error] [pid 3157:tid 3157] [client 203.91.78.176:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rodrigoaldecoa.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rodrigoaldecoa.com"] [uri "/okok.cer"] [unique_id "akSRhv2mqg1p1wOVd6sgUQAAAAs"], referer: http://rodrigoaldecoa.com/okok.cer
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Octopuce
2026-06-30 16:29:15
(4 days ago)
Aggressive web search of vulnerable pages: /add.php /surprise.php /login8.php /login9.php /indexback ...
show more
Aggressive web search of vulnerable pages: /add.php /surprise.php /login8.php /login9.php /indexback.php /data/indexback.php /data/no_basdir.ph ...
show less
Web App Attack
๐บ๐ธ
interbiznw.com
2026-06-29 17:39:53
(5 days ago)
malicious-web-requests-vulnerability-scanning
Hacking
Brute-Force
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 14:33:36
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:33:30.364897 2026] [security2:error] [pid 30199:tid 30199] [client 203.91.78.176:62085] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||bikinitweets.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bikinitweets.com"] [uri "/okok.cer"] [unique_id "akEwumZYr4rSvfx8UPDgLAAAACg"], referer: http://bikinitweets.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-28 06:10:08
(6 days ago)
Excessive multi-domain requests
Brute-Force
Anonymous
2026-06-28 03:10:05
(6 days ago)
| [Dangerous/Hong Kong] Aggressive IP 203.91.78.176 (~30 hits). Type: DoS Defender- Web server 400 e ...
show more
| [Dangerous/Hong Kong] Aggressive IP 203.91.78.176 (~30 hits). Type: DoS Defender- Web server 400 error code
show less
Web App Attack
Hacking
SQL Injection
๐ฉ๐ช
ghostwarriors
2026-06-27 22:50:23
(6 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-27 09:15:08
(1 week ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 02:16:09
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:16:03.360579 2026] [security2:error] [pid 31872:tid 31974] [client 203.91.78.176:52172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sweeneyzone.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sweeneyzone.com"] [uri "/okok.cer"] [unique_id "aj8yY43njd3HoM78XetK2gAAAFI"], referer: http://sweeneyzone.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 01:58:16
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 203.91.78.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 21:58:11.738489 2026] [security2:error] [pid 18380:tid 18380] [client 203.91.78.176:53787] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||3beeze.com|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "3beeze.com"] [uri "/okok.cer"] [unique_id "aj8uM7R0PUP3giO8tq7kDAAAAA0"], referer: http://3beeze.com
show less
Brute-Force
Bad Web Bot
Web App Attack