๐ซ๐ท
bigorre.org
2026-06-07 14:07:29
(3 weeks ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-01 02:18:07
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:17:50.998244 2026] [security2:error] [pid 7732:tid 7748] [client 104.143.226.192:48547] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/.svn/wc.db"] [unique_id "ahzrziKq_i-FrRbJEDIAZgAAAUI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-03 02:15:15
(6 months ago)
(mod_security) mod_security (id:221260) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:221260) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 21:15:04.675842 2025] [security2:error] [pid 13386:tid 13386] [client 104.143.226.192:52257] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||webmail.farmers123.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.farmers123.com"] [uri "/403.shtml"] [unique_id "aS-dKAWeFBcoFRD-Mv3hVgAAAAM"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-01 06:26:23
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:26:14.089209 2025] [security2:error] [pid 27471:tid 27511] [client 104.143.226.192:57131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/.env.stage"] [unique_id "aS01BnLXOKC0tXS7y0kq1AAAAJc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 17:55:35
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:55:30.860330 2025] [security2:error] [pid 14803:tid 14824] [client 104.143.226.192:58291] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/main.php.bak"] [unique_id "aN1rEh3GBio1fk4ARmS2EQAAANI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-01 07:35:01
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:34:58.038548 2025] [security2:error] [pid 3332372:tid 3332397] [client 104.143.226.192:47369] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/elmah.axd"] [unique_id "aIxuIh33aKcnOojmIbhowAAAApc"], referer: https://www.kettlehill.com/elmah.axd
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-02-09 07:57:46
(1 year ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
Anonymous
2025-01-07 11:16:02
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-10-27 02:23:49
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211190) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:23:39.325268 2024] [security2:error] [pid 16198:tid 16317] [client 104.143.226.192:53125] [client 104.143.226.192] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.kettlehill.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "Zx2kK4dxfUWkKNYQaRAgRwAAAMc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-09-03 18:39:04
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211190) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:38:28.218589 2024] [security2:error] [pid 8818:tid 8818] [client 104.143.226.192:34187] [client 104.143.226.192] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.stdavids-media.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stdavids-media.com"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZtdXpDNL_tO5H-YRP-fyEQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-08-01 00:45:55
(1 year ago)
(mod_security) mod_security (id:210580) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210580) triggered by 104.143.226.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 31 20:45:46.046559 2024] [security2:error] [pid 27294:tid 27302] [client 104.143.226.192:36611] [client 104.143.226.192] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:style. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||kettlehill.net|F|2"] [data "Matched Data: etc/passwd found within ARGS:style: ../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "kettlehill.net"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "Zqrauv8VayTTxsa0mTWR4AAAAMU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-16 09:01:42
(1 year ago)
General scanning observed in manual log review.
Web App Attack
๐ฉ๐ช
ps-center
2024-07-15 18:12:09
(1 year ago)
SS1: Web Attack GET /admin/logs/error.log
Web Spam
Hacking
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2024-06-27 13:00:45
(2 years ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
๐ช๐ธ
10dencehispahard SL
2024-05-27 02:03:20
(2 years ago)
Unauthorized login attempts [ accesslogs]
Brute-Force