πΊπΈ
TPI-Abuse
2026-05-15 17:17:37
(3 weeks ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 13:17:31.717373 2026] [security2:error] [pid 5986:tid 5986] [client 91.132.92.231:14445] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||salernospizza.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "salernospizza.com"] [uri "/"] [unique_id "agdVK6a-jDuHoSyCf2oX5AAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-14 03:00:29
(3 weeks ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 23:00:25.064009 2026] [security2:error] [pid 16344:tid 16344] [client 91.132.92.231:23933] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||solidthought.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "solidthought.com"] [uri "/"] [unique_id "agU6yaJUS_7l3ES_w8E8wAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΉ
DonPedro
2026-05-13 05:57:00
(3 weeks ago)
Connection attempts using mod_proxy
Open Proxy
Hacking
π³π±
DrLex0
2026-05-11 22:36:04
(3 weeks ago)
BnL002: GET with absolute URL, obvious botnet minion; either attempt to find exploitable proxy, or j ...
show more
BnL002: GET with absolute URL, obvious botnet minion; either attempt to find exploitable proxy, or just plain stupidity from whomever wrote this piece of crap
show less
Hacking
Bad Web Bot
Exploited Host
πΊπΈ
TPI-Abuse
2026-05-11 21:12:44
(3 weeks ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 17:12:39.669176 2026] [security2:error] [pid 8135:tid 8135] [client 91.132.92.231:17125] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||spacebooger.com:443|F|4"] [data "CONNECT spacebooger.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "spacebooger.com"] [uri "/"] [unique_id "agJGRzUfjYH7NqsJYAasTAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-11 04:26:31
(3 weeks ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 00:26:26.308555 2026] [security2:error] [pid 23371:tid 23371] [client 91.132.92.231:20071] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||yerevanpress.am:443|F|4"] [data "CONNECT yerevanpress.am:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "yerevanpress.am"] [uri "/"] [unique_id "agFacr9DKSHWWa0_lsBlHwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-07 18:54:29
(4 weeks ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 14:54:25.377941 2026] [security2:error] [pid 1701:tid 1701] [client 91.132.92.231:25903] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||beatthegm.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "beatthegm.com"] [uri "/"] [unique_id "afzf4bDoSj1EjWtTQZvq9AAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-06 17:22:12
(1 month ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 13:22:07.071712 2026] [security2:error] [pid 2987:tid 2987] [client 91.132.92.231:32901] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||clarktec.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "clarktec.com"] [uri "/"] [unique_id "aft4v1cwkOyay9AJ9KGgfAAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π΅π±
webadmin
2026-04-19 02:59:04
(1 month ago)
91.132.92.231 - - [19/Apr/2026:04:59:00 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.13 ...
show more
91.132.92.231 - - [19/Apr/2026:04:59:00 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.231 - - [19/Apr/2026:04:59:01 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.231 - - [19/Apr/2026:04:59:01 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.231 - - [19/Apr/2026:04:59:02 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.231 - - [19/Apr/2026:04:59:03 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
...
show less
Web App Attack
π©πͺ
Skyrider
2026-04-17 21:21:16
(1 month ago)
crowdsecurity/http-open-proxy
Hacking
πΊπΈ
TPI-Abuse
2026-04-15 18:42:26
(1 month ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:210740) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 14:42:22.391318 2026] [security2:error] [pid 3255005:tid 3255005] [client 91.132.92.231:51819] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||www.goddesskink.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "www.goddesskink.com"] [uri "/"] [unique_id "ad_cDp8_5M8FKkFzR1N5lAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-15 16:04:45
(1 month ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 12:04:39.253629 2026] [security2:error] [pid 3965132:tid 3965132] [client 91.132.92.231:36617] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||haverhillhouse.com:443|F|4"] [data "CONNECT haverhillhouse.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "haverhillhouse.com"] [uri "/"] [unique_id "ad-3F1y1Bu0AFNKPrAxNiAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-14 06:03:39
(1 month ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 14 02:03:34.357693 2026] [security2:error] [pid 492090:tid 492090] [client 91.132.92.231:42385] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||vjrott.com:443|F|4"] [data "CONNECT vjrott.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "vjrott.com"] [uri "/"] [unique_id "ad3Yth3gq9hP79-EIfZ3pQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2026-04-09 18:09:59
(1 month ago)
Web App Attack
Brute-Force
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-03 20:55:27
(2 months ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 i ...
show more
(mod_security) mod_security (id:217210) triggered by 91.132.92.231 (231.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 16:55:22.023892 2026] [security2:error] [pid 24306:tid 24433] [client 91.132.92.231:38951] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||www.danelandia.com:443|F|4"] [data "CONNECT www.danelandia.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.danelandia.com"] [uri "/"] [unique_id "adApOm8uyIS5M3WveGNVYgAAANg"]
show less
Brute-Force
Bad Web Bot
Web App Attack