๐บ๐ธ
TPI-Abuse
2025-10-28 15:27:09
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 11:27:00.791884 2025] [security2:error] [pid 5602:tid 5602] [client 87.246.11.125:27453] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "babylontravelone.com"] [uri "/wp-config.php~"] [unique_id "aQDgxBb2apUxmYpE2dpXFwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-27 22:19:10
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 27 18:19:06.254156 2025] [security2:error] [pid 18336:tid 18336] [client 87.246.11.125:19523] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||renjunews.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "renjunews.com"] [uri "/wp-content/backups.sql"] [unique_id "aP_v2sXsOpF6CwucgueL0QAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-24 03:12:24
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 23:12:21.880448 2025] [security2:error] [pid 28623:tid 28623] [client 87.246.11.125:24029] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gonzalovaralla.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gonzalovaralla.com"] [uri "/backup/wp.sql"] [unique_id "aPrulRytcitbi4LIcoRW8AAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-24 02:30:16
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 22:30:09.818674 2025] [security2:error] [pid 23018:tid 23018] [client 87.246.11.125:1731] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||tomhatcher.us|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tomhatcher.us"] [uri "/backup/db.sql"] [unique_id "aPrksf1-_AwLmJ48tbQ6RQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-23 23:48:42
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 19:48:35.503216 2025] [security2:error] [pid 27798:tid 27798] [client 87.246.11.125:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||eddysgroup.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "eddysgroup.com"] [uri "/web.sql"] [unique_id "aPq-0wWy_Tuz4i19BhMMqAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-23 21:58:16
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 17:58:10.970862 2025] [security2:error] [pid 14292:tid 14292] [client 87.246.11.125:17333] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||marijuanajoint.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "marijuanajoint.com"] [uri "/sql.sql"] [unique_id "aPqk8nQtCUmrHBBW_cJ4eQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
i-turnradio.nl
2025-10-21 17:40:45
(8 months ago)
2025-10-21 @ 19:40:45 (CET) ~ Blocked based on risk assessment and prior abuse reports
Web App Attack
Anonymous
2025-10-17 19:10:03
(8 months ago)
wordpress-trap
Web App Attack
๐ฎ๐ฉ
Burayot
2025-10-17 14:22:49
(8 months ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 87.246.11.125 (BG/Bulgaria/-): 2 in ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 87.246.11.125 (BG/Bulgaria/-): 2 in the last 3600 secs
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-17 00:22:50
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 16 20:22:45.731725 2025] [security2:error] [pid 32016:tid 32016] [client 87.246.11.125:6531] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||macro-astrology.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "macro-astrology.com"] [uri "/backup/sql.sql"] [unique_id "aPGMVf3KfljHUsEvr10dKQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-13 00:31:45
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 12 20:31:39.908139 2025] [security2:error] [pid 11935:tid 11935] [client 87.246.11.125:26885] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||oshadega.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oshadega.com"] [uri "/www.sql"] [unique_id "aOxIazwHfRTElzHWogBkzAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-12 23:52:34
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 87.246.11.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 12 19:52:30.665389 2025] [security2:error] [pid 20972:tid 20972] [client 87.246.11.125:31901] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sharawi-gum.com"] [uri "/wp-config.php.old"] [unique_id "aOw_PngZ0frp7PCqze_NbQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2025-10-12 13:33:42
(8 months ago)
20 attempts against mh_ha-misbehave-ban on iron
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2025-10-05 13:39:53
(8 months ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ฎ๐ฉ
Burayot
2025-10-04 21:28:05
(8 months ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 87.246.11.125 (BG/Bulgaria/-): 1 in ...
show more
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 87.246.11.125 (BG/Bulgaria/-): 1 in the last 3600 secs
show less
Web App Attack