|
๐จ๐ณ
116.16.30.4
|
|
(mod_security) mod_security (id:210831) triggered by 116.16.30.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 116.16.30.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:07:10.380930 2026] [security2:error] [pid 794:tid 794] [client 116.16.30.4:4483] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||wookheo.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "wookheo.com"] [uri "/"] [unique_id "alU3XjmiUuBL_y-1AmlD5wAAAAk"], referer: http://wookheo.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
183.213.172.165
|
|
(mod_security) mod_security (id:210831) triggered by 183.213.172.165 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 183.213.172.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:07:03.563960 2026] [security2:error] [pid 22364:tid 22455] [client 183.213.172.165:25223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.ioqm.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ioqm.com"] [uri "/"] [unique_id "alU3VyiBaH1LSO-nr7SyRgAAAYk"], referer: https://www.ioqm.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
112.103.143.219
|
|
(mod_security) mod_security (id:210831) triggered by 112.103.143.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 112.103.143.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:07:05.025992 2026] [security2:error] [pid 21641:tid 21641] [client 112.103.143.219:29895] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.studiopilates.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.studiopilates.net"] [uri "/"] [unique_id "alU3WaPfBTIkYFbKneMHDAAAAA8"], referer: http://www.studiopilates.net/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
183.164.251.181
|
|
(mod_security) mod_security (id:210831) triggered by 183.164.251.181 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210831) triggered by 183.164.251.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:07:05.124390 2026] [security2:error] [pid 1128:tid 1128] [client 183.164.251.181:16996] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||wookheo.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "wookheo.com"] [uri "/"] [unique_id "alU3WXqcmAjWHOK_v6eswwAAAB4"], referer: http://wookheo.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
223.91.89.121
|
|
(mod_security) mod_security (id:210831) triggered by 223.91.89.121 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 223.91.89.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:07:04.049132 2026] [security2:error] [pid 19978:tid 19978] [client 223.91.89.121:47297] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.afjm.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.afjm.net"] [uri "/"] [unique_id "alU3WAOEBfCOgufb3E3_XgAAAAw"], referer: http://www.afjm.net/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐บ๐ธ
2a09:bac5:9441:3af::5e:55
|
|
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9441:3af::5e:55 (Unknown): 1 in the l ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9441:3af::5e:55 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:53.165548 2026] [security2:error] [pid 21206:tid 21206] [client 2a09:bac5:9441:3af::5e:55:30020] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.solidthought.com"] [uri "/.env"] [unique_id "alU3TVMFGGgM51dk08BIwwAAAAw"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐ต๐ฐ
39.36.212.231
|
|
(mod_security) mod_security (id:240335) triggered by 39.36.212.231 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 39.36.212.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:54.227234 2026] [security2:error] [pid 20547:tid 20551] [client 39.36.212.231:57740] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.36.212.231 (+1 hits since last alert)|abusaimeh.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abusaimeh.com"] [uri "/xmlrpc.php"] [unique_id "alU3Tnv7c7TtziUT09DCAQAAAIA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
39.149.223.52
|
|
(mod_security) mod_security (id:210831) triggered by 39.149.223.52 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 39.149.223.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:51.170696 2026] [security2:error] [pid 22366:tid 22484] [client 39.149.223.52:36302] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.gapm.eu|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.gapm.eu"] [uri "/"] [unique_id "alU3SzCLXjUvqFEOo0rv9gAAAgo"], referer: https://www.gapm.eu/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
182.46.11.127
|
|
(mod_security) mod_security (id:210350) triggered by 182.46.11.127 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210350) triggered by 182.46.11.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:39.909346 2026] [security2:error] [pid 26490:tid 26490] [client 182.46.11.127:58008] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.doctoredwinalvarez.com|F|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.doctoredwinalvarez.com"] [uri "/conoce-al-doctor-edwin-alvarez/"] [unique_id "alU3P8rx7_EBcFPvjrFwqwAAABk"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
112.38.53.165
|
|
(mod_security) mod_security (id:210831) triggered by 112.38.53.165 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 112.38.53.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:39.095010 2026] [security2:error] [pid 13535:tid 13535] [client 112.38.53.165:7324] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.niximperial.biz|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.niximperial.biz"] [uri "/"] [unique_id "alU3P0VXB5ZKw012BCnWKgAAABY"], referer: http://www.niximperial.biz/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
115.58.45.190
|
|
(mod_security) mod_security (id:210831) triggered by 115.58.45.190 (hn.kd.ny.adsl): 1 in the last 30 ...
show more
(mod_security) mod_security (id:210831) triggered by 115.58.45.190 (hn.kd.ny.adsl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:40.507713 2026] [security2:error] [pid 9248:tid 9248] [client 115.58.45.190:31178] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.christineohlman.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.christineohlman.net"] [uri "/"] [unique_id "alU3QCMwMTlDSC9Lr8ZbFwAAABM"], referer: http://www.christineohlman.net/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
183.198.38.150
|
|
(mod_security) mod_security (id:210350) triggered by 183.198.38.150 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 183.198.38.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:36.256622 2026] [security2:error] [pid 29247:tid 29247] [client 183.198.38.150:7181] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.doctoredwinalvarez.com|F|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.doctoredwinalvarez.com"] [uri "/conoce-al-doctor-edwin-alvarez/"] [unique_id "alU3PK_fN9A469wbh8-_7gAAAAg"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐ฎ๐ณ
117.216.101.211
|
|
(mod_security) mod_security (id:240335) triggered by 117.216.101.211 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 117.216.101.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:30.698391 2026] [security2:error] [pid 31696:tid 31696] [client 117.216.101.211:61259] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 117.216.101.211 (+1 hits since last alert)|fgrotary.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fgrotary.org"] [uri "/xmlrpc.php"] [unique_id "alU3NgYeNeC0m8kp0ZBwQgAAABk"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
101.26.28.244
|
|
(mod_security) mod_security (id:210831) triggered by 101.26.28.244 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 101.26.28.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:37.278189 2026] [security2:error] [pid 29249:tid 29249] [client 101.26.28.244:59030] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.wendeenicole.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.wendeenicole.com"] [uri "/"] [unique_id "alU3PbobfA9HN3FnJv303QAAAA0"], referer: http://www.wendeenicole.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
111.8.207.34
|
|
(mod_security) mod_security (id:210350) triggered by 111.8.207.34 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 111.8.207.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:32.081468 2026] [security2:error] [pid 29210:tid 29210] [client 111.8.207.34:48235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.doctoredwinalvarez.com|F|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.doctoredwinalvarez.com"] [uri "/conoce-al-doctor-edwin-alvarez/"] [unique_id "alU3OByqbdJO9ay2GsFrZAAAAAI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
1.25.106.150
|
|
(mod_security) mod_security (id:210831) triggered by 1.25.106.150 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210831) triggered by 1.25.106.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:25.594584 2026] [security2:error] [pid 17880:tid 17880] [client 1.25.106.150:4954] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||encoremtmorris.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "encoremtmorris.com"] [uri "/"] [unique_id "alU3MYMNHYO_GIeeeguRYAAAAA4"], referer: https://encoremtmorris.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐บ๐ธ
2603:8081:31f0:a60:18a:b592:8a79:3a66
|
|
(mod_security) mod_security (id:225170) triggered by 2603:8081:31f0:a60:18a:b592:8a79:3a66 (syn-2603 ...
show more
(mod_security) mod_security (id:225170) triggered by 2603:8081:31f0:a60:18a:b592:8a79:3a66 (syn-2603-8081-31f0-0a60-018a-b592-8a79-3a66.res6.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:12.564605 2026] [security2:error] [pid 29899:tid 29899] [client 2603:8081:31f0:a60:18a:b592:8a79:3a66:31495] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arsenalfordemocracy.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alU3JCWKnpfxduxISE2f8wAAABk"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
39.154.6.190
|
|
(mod_security) mod_security (id:210831) triggered by 39.154.6.190 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210831) triggered by 39.154.6.190 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:06:04.044004 2026] [security2:error] [pid 5558:tid 5580] [client 39.154.6.190:4319] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||expozium.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "expozium.com"] [uri "/"] [unique_id "alU3HM3Qx25yLAtDoN3kGQAAABI"], referer: http://expozium.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐ฒ๐ฝ
187.188.26.87
|
|
(mod_security) mod_security (id:210730) triggered by 187.188.26.87 (fixed-187-188-26-87.totalplay.ne ...
show more
(mod_security) mod_security (id:210730) triggered by 187.188.26.87 (fixed-187-188-26-87.totalplay.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:57.837735 2026] [security2:error] [pid 913:tid 913] [client 187.188.26.87:58946] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bahamascruisersguide.com|F|2"] [data ".blogspot.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bahamascruisersguide.com"] [uri "/Blogs-Websites/snowbirdscompassrose.blogspot.com"] [unique_id "alU3FSmBucmrpzGIrmWo-gAAAAA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
183.0.179.198
|
|
(mod_security) mod_security (id:210831) triggered by 183.0.179.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 183.0.179.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:58.530715 2026] [security2:error] [pid 23090:tid 23090] [client 183.0.179.198:55984] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||xyncom.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "xyncom.com"] [uri "/"] [unique_id "alU3Fiz0Mu66l6n7U7crIAAAAAk"], referer: https://xyncom.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
117.71.202.97
|
|
(mod_security) mod_security (id:210831) triggered by 117.71.202.97 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 117.71.202.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:51.862833 2026] [security2:error] [pid 2157732:tid 2157732] [client 117.71.202.97:57562] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||sistemmail.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "sistemmail.net"] [uri "/"] [unique_id "alU3D_prC50w0SRssoi2hAAAAAg"], referer: http://sistemmail.net/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
112.32.116.241
|
|
(mod_security) mod_security (id:210831) triggered by 112.32.116.241 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 112.32.116.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:45.825411 2026] [security2:error] [pid 5155:tid 5155] [client 112.32.116.241:11479] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.kirt.us|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kirt.us"] [uri "/"] [unique_id "alU3CdeU2LU8LmFynXdsTAAAAAU"], referer: http://www.kirt.us/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
113.75.243.164
|
|
(mod_security) mod_security (id:210831) triggered by 113.75.243.164 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 113.75.243.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:42.341500 2026] [security2:error] [pid 27959:tid 27959] [client 113.75.243.164:25600] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.xyncom.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.xyncom.com"] [uri "/"] [unique_id "alU3Bk6CZQAAhdjPGzhbTgAAAA4"], referer: https://www.xyncom.com/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐จ๐ณ
120.231.37.231
|
|
(mod_security) mod_security (id:210831) triggered by 120.231.37.231 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.231.37.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:34.088702 2026] [security2:error] [pid 14982:tid 14982] [client 120.231.37.231:26720] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||webtony.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "webtony.net"] [uri "/"] [unique_id "alU2_jknP08_wG5qXO4hAQAAAAs"], referer: http://webtony.net/
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
๐ฟ๐ฆ
197.101.219.207
|
|
(mod_security) mod_security (id:240335) triggered by 197.101.219.207 (197-101-219-207.ip.broadband.i ...
show more
(mod_security) mod_security (id:240335) triggered by 197.101.219.207 (197-101-219-207.ip.broadband.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:05:36.111828 2026] [security2:error] [pid 880:tid 1077] [client 197.101.219.207:58606] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.101.219.207 (+1 hits since last alert)|whatismetamodern.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whatismetamodern.com"] [uri "/xmlrpc.php"] [unique_id "alU3AEyORRVq7im_uBwUxgAAAVQ"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|