π±π»
garmtech.com
2026-03-23 17:32:04
(2 months ago)
IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 19-32.93.115.7.126.web-spammer ...
show more
IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 19-32.93.115.7.126.web-spammers.v2.rbl.imunify.com._v4 succeeded.
show less
Web App Attack
π±π»
garmtech.com
2026-03-23 14:49:34
(2 months ago)
IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 16-49.93.115.7.126.web-spammer ...
show more
IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 16-49.93.115.7.126.web-spammers.v2.rbl.imunify.com._v4 succeeded.
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-15 21:36:58
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 17:36:51.941545 2026] [security2:error] [pid 23796:tid 23796] [client 93.115.7.126:35077] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||powderriverinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/backups/mysql.sql"] [unique_id "abcmc7MIJleZVm51i0dpKAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-15 21:16:57
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 17:16:51.601360 2026] [security2:error] [pid 26722:tid 26722] [client 93.115.7.126:64801] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||loriatrading.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "loriatrading.com"] [uri "/backup/sql.sql"] [unique_id "abchw5WMAWBMSkb9IRg0nAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-15 15:55:03
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 11:54:58.002519 2026] [security2:error] [pid 5173:tid 5173] [client 93.115.7.126:54605] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lundtrading.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lundtrading.com"] [uri "/backup/sql.sql"] [unique_id "abbWUSCB72Wwcw4_YQ1jvQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-14 16:47:31
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 12:47:22.670447 2026] [security2:error] [pid 24553:tid 24553] [client 93.115.7.126:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ccamp.dev|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ccamp.dev"] [uri "/back/sql.sql"] [unique_id "abWRGgcWy3jL_ZhVnd80gAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-10 02:59:33
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 22:59:26.781957 2026] [security2:error] [pid 28262:tid 28276] [client 93.115.7.126:60529] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||siestakeybch.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "siestakeybch.com"] [uri "/backups/backup.sql"] [unique_id "aa-JDtH87Sx5_qq-qp7JzwAAAEk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
Penny Packer
2026-02-25 21:59:50
(3 months ago)
Fail2Ban apache-tripwires
Web App Attack
π«π·
dynamix
2026-02-21 12:51:51
(3 months ago)
Multiple WAF Violations
Web App Attack
π¬π§
Swiptly
2026-02-19 19:15:55
(3 months ago)
Excessive 403/404/405 PHP/CMS errors from scanning or broken bots
...
Web App Attack
π¨π
backslash
2026-02-19 18:22:06
(3 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
2026-02-19 17:43:24
(3 months ago)
Multiple web server 400 error codes from same source ip
Web App Attack
πΊπΈ
Rip
2026-02-19 13:19:28
(3 months ago)
Automated recon attempt targeting restricted and sensitive paths.
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-14 03:39:46
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 22:39:43.710413 2026] [security2:error] [pid 10999:tid 10999] [client 93.115.7.126:39269] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "skipspsaexchange.com"] [uri "/restore/sftp-config.json"] [unique_id "aY_ufyTeq7UbQNFg6HMGFAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-14 03:13:00
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 93.115.7.126 (dwight-monroe.talurf.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 22:12:52.479345 2026] [security2:error] [pid 29274:tid 29274] [client 93.115.7.126:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kryptonome.com"] [uri "/backups/sftp-config.json"] [unique_id "aY_oNM5ILknWF83QYCa2hgAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack