Anonymous
2026-06-27 18:47:02
(4 days ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2026-06-15 13:07:01
(2 weeks ago)
Malicious activity detected
Hacking
Web App Attack
๐บ๐ธ
webgobe
2026-02-16 08:52:39
(4 months ago)
wew-(rsform) : try to access forms...
Hacking
๐บ๐ธ
TPI-Abuse
2026-01-25 16:01:13
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in ...
show more
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 25 11:01:07.882502 2026] [security2:error] [pid 26668:tid 26668] [client 51.222.167.158:56743] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||glassclublake.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "glassclublake.com"] [uri "/[email protected] "] [unique_id "aXY-Q2pq_CsArYFMdEy38QAAAA8"], referer: http://glassclublake.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
conseilgouz
2026-01-18 13:32:49
(5 months ago)
giw-Joomla User : try to access forms...
Hacking
๐บ๐ธ
TPI-Abuse
2026-01-13 21:12:25
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in ...
show more
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 13 16:12:20.799616 2026] [security2:error] [pid 6142:tid 6142] [client 51.222.167.158:55036] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gapanda.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gapanda.com"] [uri "/php-old.ini"] [unique_id "aWa1NEdO_69nonPmjI6VYQAAAAI"], referer: http://gapanda.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-12 23:22:47
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 18:22:44.066538 2026] [security2:error] [pid 30282:tid 30282] [client 51.222.167.158:49698] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "genesis-castle.com"] [uri "/wp-config.php"] [unique_id "aWWCRG7unsNBA_1n9kK4ywAAAAM"], referer: http://genesis-castle.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-10 00:17:38
(5 months ago)
(mod_security) mod_security (id:217291) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in ...
show more
(mod_security) mod_security (id:217291) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 09 19:17:34.722746 2026] [security2:error] [pid 30266:tid 30266] [client 51.222.167.158:57338] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(\\\\n|\\\\r)" at ARGS_NAMES:\\r\\nfromwhere. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||furballrecords.com|F|2"] [data "Matched Data: \\x0d found within ARGS_NAMES:\\x5cr\\x5cnfromwhere: \\x0d\\x0afromwhere"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "furballrecords.com"] [uri "/g12terms.php"] [unique_id "aWGansPgrU7tq3M7UY0JngAAAA8"], referer: https://furballrecords.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-01-05 01:41:02
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2026-01-02 13:40:40
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-12-28 01:20:03
(6 months ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2025-12-27 10:54:48
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2025-12-21 15:24:01
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in ...
show more
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 21 10:23:57.944350 2025] [security2:error] [pid 22744:tid 22744] [client 51.222.167.158:57062] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.phantomkennels.com|F|2"] [data "[email protected] "] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.phantomkennels.com"] [uri "/[email protected] "] [unique_id "aUgRDQC8a8eVCN-8yvzDRgAAABQ"], referer: http://www.phantomkennels.com
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-11 14:44:00
(6 months ago)
Excessive crawling/scraping. Vulnerable file probing.
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-08 18:08:29
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in ...
show more
(mod_security) mod_security (id:210730) triggered by 51.222.167.158 (ip158.ip-51-222-167.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 13:08:25.735235 2025] [security2:error] [pid 1868:tid 1868] [client 51.222.167.158:49755] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dalessalesandservice.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dalessalesandservice.com"] [uri "/[email protected] "] [unique_id "aTcUGWipgXfDpDypeFtgDwAAAA4"], referer: http://www.dalessalesandservice.com/
show less
Brute-Force
Bad Web Bot
Web App Attack