๐บ๐ธ
TPI-Abuse
2026-07-06 02:28:51
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 22:28:46.289188 2026] [security2:error] [pid 781:tid 781] [client 51.89.167.1:57210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tecnoconce.cl"] [uri "/rvsitebuilder/composer.json"] [unique_id "aksS3rggng2dDT003ldOOAAAADI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 22:41:31
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 18:41:27.147904 2026] [security2:error] [pid 4202:tid 4202] [client 51.89.167.1:50718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "archief.org"] [uri "/bak.htaccess"] [unique_id "akWXl57ELwusJSH8pk4NZQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 04:48:39
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 00:48:32.803097 2026] [security2:error] [pid 5345:tid 5345] [client 51.89.167.1:51178] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.timezonespro.com.verdadesreales.com:80|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.timezonespro.com.verdadesreales.com"] [uri "/Calendrical/Calendrica/Java/mailto:[email protected] "] [unique_id "akH5IC51zVmRiJb7BRQf0AAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 12:45:16
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 08:45:07.104182 2026] [security2:error] [pid 12119:tid 12119] [client 51.89.167.1:37088] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adoniahenterprises.com"] [uri "/goober_.htaccess"] [unique_id "ajp_006qnLqvZ2j5nkJ-iwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
loveprod
2026-06-14 23:23:40
(3 weeks ago)
51.89.167.1 - - [15/Jun/2026:02:23:39 +0300] "GET /nextcloud/apps/notifications/vendor-bin/phpunit/ ...
show more
51.89.167.1 - - [15/Jun/2026:02:23:39 +0300] "GET /nextcloud/apps/notifications/vendor-bin/phpunit/ HTTP/1.1" 200 738 "-" "Go-http-client/1.1"
51.89.167.1 - - [15/Jun/2026:02:23:39 +0300] "HEAD /nextcloud/apps/notifications/vendor-bin/phpunit/composer.json HTTP/1.1" 200 235 "-" "Go-http-client/1.1"
...
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-13 21:09:55
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 17:09:49.969692 2026] [security2:error] [pid 21658:tid 21658] [client 51.89.167.1:32950] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||genesis-castle.com:443|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "genesis-castle.com"] [uri "/networkl/map.log"] [unique_id "ai3HHX-YGXv-DbnI_3vPlgAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-20 04:32:54
(1 month ago)
CrowdSec ban: crowdsecurity/http-crawl-non_statics
Hacking
๐ซ๐ฎ
Erpelstolz
2026-05-18 13:29:30
(1 month ago)
external host: 51.89.167.1 - - [18/May/2026:15:29:30 +0200] "HEAD /login.html HTTP/1.1" 200 260 "-" ...
show more
external host: 51.89.167.1 - - [18/May/2026:15:29:30 +0200] "HEAD /login.html HTTP/1.1" 200 260 "-" "Go-http-client/1.1"
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-17 21:46:36
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 17:46:30.020137 2026] [security2:error] [pid 28651:tid 28723] [client 51.89.167.1:41760] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||digital4z.com:80|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "digital4z.com"] [uri "/Digital4z.com/Digital4z/wp-content/plugins/jetpack/3rd-party/WS_FTP.LOG"] [unique_id "ago3Nqo0Ag-vKFghX9KCJwAAAgY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-16 17:43:27
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 13:43:20.888683 2026] [security2:error] [pid 15525:tid 15525] [client 51.89.167.1:36698] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.patrick.grimone.com:443|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.patrick.grimone.com"] [uri "/German/Europe Day 1/Thumbs.db"] [unique_id "agisuEbzliRqVDSEPyHHMgAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-16 15:44:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 11:44:05.549566 2026] [security2:error] [pid 5550:tid 5550] [client 51.89.167.1:58354] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stygianpassage.com.greighhouse.com"] [uri "/web.config"] [unique_id "agiQxXYeQmJKBaZ4JIluXgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-05-15 15:42:19
(1 month ago)
URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ...
show more
URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-stl2-17)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-15 10:04:05
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 06:03:59.328430 2026] [security2:error] [pid 29807:tid 29807] [client 51.89.167.1:47826] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.bright-ideas.jannetta.com:80|F|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bright-ideas.jannetta.com"] [uri "/LocalSettings.php.backup"] [unique_id "agbvj4RHuLvE5zShcLhVIgAAACg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-15 09:22:53
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 05:22:47.044136 2026] [security2:error] [pid 12767:tid 12767] [client 51.89.167.1:32894] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cffragrances.iee-usa.com:443|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cffragrances.iee-usa.com"] [uri "/wp-content/plugins/featured-content-gallery/css/img/Thumbs.db"] [unique_id "agbl54FWl8Xth4etHZCkUQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-15 08:02:18
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 51.89.167.1 (vps-bd272fa4.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:02:09.832376 2026] [security2:error] [pid 10493:tid 10493] [client 51.89.167.1:57874] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "needtoorder.us"] [uri "/USE-To-BLOCKwww.countryipblocks.net.htaccess"] [unique_id "agbTAT7Wix4VYB42EgYAHAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack