πΊπΈ
TPI-Abuse
2026-06-18 20:08:25
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:08:12.385315 2026] [security2:error] [pid 32351:tid 32351] [client 39.154.11.212:12109] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||cultureal.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cultureal.com"] [uri "/index.html"] [unique_id "ajRQLKaIHnu7bvH6qGe0ogAAACs"], referer: http://cultureal.com/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-17 01:37:22
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 21:37:09.233166 2026] [security2:error] [pid 10582:tid 10582] [client 39.154.11.212:20525] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||alessiaalessandra.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "alessiaalessandra.com"] [uri "/"] [unique_id "ajH6RcP3hFhtLvkbCZVGvgAAAAE"], referer: http://alessiaalessandra.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-14 04:06:29
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 00:06:12.763384 2026] [security2:error] [pid 23697:tid 23714] [client 39.154.11.212:7146] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||aapmglobal.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aapmglobal.com"] [uri "/index.html"] [unique_id "ai4otKlLo-QfLnMcjtCWQwAAAM8"], referer: https://aapmglobal.com/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-12 00:41:12
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 20:40:59.382025 2026] [security2:error] [pid 26293:tid 26315] [client 39.154.11.212:20467] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.plumberw9.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.plumberw9.com"] [uri "/"] [unique_id "aitVmxKC8V1pBKjpXsx3AgAAARQ"], referer: https://www.plumberw9.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 08:06:35
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:06:23.294691 2026] [security2:error] [pid 5017:tid 5017] [client 39.154.11.212:11643] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.gemco-mfg.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.gemco-mfg.com"] [uri "/"] [unique_id "aiZ3_wBiiIuBjD7uWK7GDAAAAAM"], referer: https://www.gemco-mfg.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-25 21:20:13
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 17:20:03.139675 2026] [security2:error] [pid 3511:tid 3511] [client 39.154.11.212:9364] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||ergo84.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ergo84.com"] [uri "/"] [unique_id "ahS9A8JJ5ngyMNVc_PDiDQAAAAU"], referer: http://ergo84.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-29 20:54:37
(2 months ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 16:54:28.637229 2026] [security2:error] [pid 24868:tid 24868] [client 39.154.11.212:10620] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||turtle-trap.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "turtle-trap.com"] [uri "/"] [unique_id "afJwBONA-JclM_JJI4Mn6wAAAAc"], referer: http://turtle-trap.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-16 13:23:33
(3 months ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 09:23:21.988093 2026] [security2:error] [pid 10965:tid 10965] [client 39.154.11.212:6752] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.indie100.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.indie100.com"] [uri "/index.html"] [unique_id "abgESVnS-R4YvFW6Yovi1wAAAAE"], referer: https://www.indie100.com/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-01-31 19:01:10
(4 months ago)
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 14:00:58.602841 2026] [security2:error] [pid 11246:tid 11246] [client 39.154.11.212:1885] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||bookingsouthafrica.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "bookingsouthafrica.com"] [uri "/"] [unique_id "aX5RasBQmkJRITptfK9ldwAAACE"], referer: https://bookingsouthafrica.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-11-30 05:03:01
(6 months ago)
Web attack
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-09-24 09:45:50
(9 months ago)
(mod_security) mod_security (id:210350) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210350) triggered by 39.154.11.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 24 05:45:43.264087 2025] [security2:error] [pid 5867:tid 5867] [client 39.154.11.212:3121] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.renju.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/tournament/60/game/262/"] [unique_id "aNO9x1wPQxKWz4Os3j3YGwAAAEU"], referer: https://www.renju.net/tournament/60/game/262
show less
Brute-Force
Bad Web Bot
Web App Attack
π¨π³
ThreatBook.io
2025-08-22 22:25:15
(10 months ago)
ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/39.154.11.212
2025 ...
show more
ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/39.154.11.212
2025-08-22 01:27:45 /
show less
Web App Attack
π¨π³
ThreatBook.io
2025-08-05 22:23:03
(10 months ago)
ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/39.154.11.212
2025 ...
show more
ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/39.154.11.212
2025-08-05 17:43:51 /
show less
Web App Attack
π¨π³
ThreatBook.io
2025-08-04 22:24:31
(10 months ago)
ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/39.154.11.212
2025 ...
show more
ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/39.154.11.212
2025-08-04 16:23:01 /robots.txt
show less
Web App Attack
π¨π³
ThreatBook.io
2025-07-06 23:50:45
(11 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.11.212
2025-07-06 16 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.11.212
2025-07-06 16:40:15 /config.json
show less
Web App Attack