๐บ๐ธ
TPI-Abuse
2026-07-03 21:04:14
(4 days ago)
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:04:01.080400 2026] [security2:error] [pid 3151:tid 3151] [client 39.154.12.157:17638] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||certifiedfarmersmarkets.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "certifiedfarmersmarkets.org"] [uri "/"] [unique_id "akgjwYTzK1bWzc5azjoaFwAAAAA"], referer: https://certifiedfarmersmarkets.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 14:56:17
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 10:56:07.738522 2026] [security2:error] [pid 1296:tid 1296] [client 39.154.12.157:11230] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||sasquatchproductionsltd.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "sasquatchproductionsltd.com"] [uri "/"] [unique_id "akUqh22pysjNXiylNYWrfQAAABE"], referer: http://sasquatchproductionsltd.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-17 23:51:17
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 19:51:07.957785 2026] [security2:error] [pid 27234:tid 27234] [client 39.154.12.157:11574] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.jeffhinkley.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jeffhinkley.com"] [uri "/"] [unique_id "ajMy65Wsh4FkLJ8-y_LRpQAAAAo"], referer: http://www.jeffhinkley.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-19 21:54:07
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 17:53:59.681198 2026] [security2:error] [pid 25304:tid 25304] [client 39.154.12.157:3641] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||roadtosalvation.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "roadtosalvation.org"] [uri "/index.html"] [unique_id "agzb960aV5d-7Ktk2hIXwwAAABM"], referer: http://roadtosalvation.org/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-15 20:55:52
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 16:55:41.448159 2026] [security2:error] [pid 10026:tid 10026] [client 39.154.12.157:28564] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||barbaraedidin.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "barbaraedidin.com"] [uri "/"] [unique_id "ageITd4g8R3z_7edQ0o7lwAAAAg"], referer: http://barbaraedidin.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-24 20:32:31
(2 months ago)
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 16:32:21.049282 2026] [security2:error] [pid 26847:tid 26847] [client 39.154.12.157:20079] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.ezekielproductions.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ezekielproductions.com"] [uri "/"] [unique_id "aevTVd4m49K3mqj9na7ryAAAABE"], referer: http://www.ezekielproductions.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ณ
liveaspankaj
2026-03-18 02:23:43
(3 months ago)
DDoS attack: 108 requests in 5m (GET / or repair.php).
DDoS Attack
๐จ๐ณ
ThreatBook.io
2025-10-20 22:35:22
(8 months ago)
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.12.157
2025-10- ...
show more
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.12.157
2025-10-20 19:41:01 /favicon.ico
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-06 10:30:45
(10 months ago)
(mod_security) mod_security (id:210350) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210350) triggered by 39.154.12.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 06:29:43.995550 2025] [security2:error] [pid 31442:tid 31442] [client 39.154.12.157:5666] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.renju.net|F|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/game/84327"] [unique_id "aLwNFyQKoTQ0lXeQPgvkVgAAAEs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฟ๐ฆ
IrisFlower
2023-05-25 00:29:40
(3 years ago)
Unauthorized connection attempt detected from IP address 39.154.12.157 to port 443 [J]
Port Scan
Hacking
๐ฟ๐ฆ
IrisFlower
2023-05-25 00:28:28
(3 years ago)
Unauthorized connection attempt detected from IP address 39.154.12.157 to port 443 [J]
Port Scan
Hacking
๐ฟ๐ฆ
IrisFlower
2023-05-13 20:37:56
(3 years ago)
Unauthorized connection attempt detected from IP address 39.154.12.157 to port 443 [J]
Port Scan
Hacking
๐ฟ๐ฆ
IrisFlower
2022-10-26 23:38:47
(3 years ago)
Unauthorized connection attempt detected from IP address 39.154.12.157 to port 443 [J]
Port Scan
Hacking
๐ฟ๐ฆ
IrisFlower
2022-04-20 18:07:33
(4 years ago)
Unauthorized connection attempt detected from IP address 39.154.12.157 to port 443 [J]
Port Scan
Hacking