๐บ๐ธ
TPI-Abuse
2025-08-24 06:35:54
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 02:35:50.114221 2025] [security2:error] [pid 20417:tid 20417] [client 2a03:e600:100::4:38706] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||goodfrequencies.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "goodfrequencies.com"] [uri "/dfrequencies.sql"] [unique_id "aKqyxoXkX9UFa9g6GqEnjgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-23 01:11:31
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 22 21:11:23.673636 2025] [security2:error] [pid 11216:tid 11216] [client 2a03:e600:100::4:42136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||letmespeakpodcast.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "letmespeakpodcast.com"] [uri "/akpodcast.sql"] [unique_id "aKkVO7jINhwtf2zYEhv8YgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-21 08:00:17
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 21 04:00:06.970161 2025] [security2:error] [pid 1475016:tid 1475153] [client 2a03:e600:100::4:51684] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||leadingedgesupply.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "leadingedgesupply.com"] [uri "/lead.sql"] [unique_id "aKbSBj9MbZcFXbyNn84WawAAAJM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2025-08-20 08:15:16
(10 months ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-08-16 13:56:25
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 16 09:56:18.050071 2025] [security2:error] [pid 4869:tid 4869] [client 2a03:e600:100::4:56072] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ohwaitiforgot.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ohwaitiforgot.com"] [uri "/hwaitiforgot.sql"] [unique_id "aKCOAtLS4SRnlst21gL72gAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
weblite
2025-08-16 11:25:30
(10 months ago)
WP_MALWARE_PROBE
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-10 06:29:00
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 10 02:28:57.266607 2025] [security2:error] [pid 26834:tid 26834] [client 2a03:e600:100::4:65514] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||goglobex.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "goglobex.com"] [uri "/globex.sql"] [unique_id "aJg8KbdUlrwGEBBLAeKWuQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2025-08-08 07:39:39
(10 months ago)
(modsecurity) srv101 ModSecurity 2a03:e600:100::4 (Unknown): 5 in the last 3600 secs; Ports: *; Dire ...
show more
(modsecurity) srv101 ModSecurity 2a03:e600:100::4 (Unknown): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-06 19:19:11
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 06 15:19:06.964316 2025] [security2:error] [pid 9414:tid 9414] [client 2a03:e600:100::4:17456] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||barkatthemoonpetsitting.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barkatthemoonpetsitting.com"] [uri "/backupdb.sql"] [unique_id "aJOqqlCpt9hOwEYaUjYPcQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-31 10:24:15
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 31 06:24:10.615506 2025] [security2:error] [pid 18938:tid 18938] [client 2a03:e600:100::4:9106] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||applemaccomputerconsulting.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "applemaccomputerconsulting.com"] [uri "/terconsulting.sql"] [unique_id "aItESrU-6XkSBV_Q6mSxdAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-22 14:43:23
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 22 10:43:17.118502 2025] [security2:error] [pid 25160:tid 25160] [client 2a03:e600:100::4:11488] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.rockinr.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.rockinr.org"] [uri "/_wp.sql"] [unique_id "aH-jhRBEUVeAvZS9QAJxpgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-21 00:11:14
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210492) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 20 20:11:11.244191 2025] [security2:error] [pid 2047:tid 2047] [client 2a03:e600:100::4:48246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adoniahenterprises.com"] [uri "/wp-config.phpbak"] [unique_id "aH2Fn-gHcW65cVorokZkdAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-20 21:35:45
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 20 17:35:37.565702 2025] [security2:error] [pid 24909:tid 24909] [client 2a03:e600:100::4:31400] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hawaiireservations.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hawaiireservations.com"] [uri "/database01.sql"] [unique_id "aH1hKQfGj7I5KqYmzxI0ZAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
sefinek.net
2025-07-20 18:55:44
(11 months ago)
Triggered Cloudflare WAF (firewallCustom) from T1.
Action taken: BLOCK
Protocol: HTTP/2 (GET method) ...
show more
Triggered Cloudflare WAF (firewallCustom) from T1.
Action taken: BLOCK
Protocol: HTTP/2 (GET method)
Endpoint: /tools/ip-checker
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-07-20 13:14:12
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.applie ...
show more
(mod_security) mod_security (id:210730) triggered by 2a03:e600:100::4 (tor-exit-anonymizer-v6.appliedprivacy.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 20 09:14:07.983212 2025] [security2:error] [pid 4682:tid 4682] [client 2a03:e600:100::4:43984] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||blacksheepoffroad.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blacksheepoffroad.com"] [uri "/db1.sql"] [unique_id "aHzrn9POuBAi0Vc_OdhIagAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack