π«π·
bigorre.org
2026-06-20 14:53:08
(1 day ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
2026-06-10 18:48:29
(1 week ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.239.33.96 (CA/Ca ...
show more
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.239.33.96 (CA/Canada/-)
show less
Bad Web Bot
π©πͺ
rh24
2026-05-02 02:58:04
(1 month ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.239.33.96 (CA/Ca ...
show more
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.239.33.96 (CA/Canada/-)
show less
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-01-17 00:16:10
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:15:08.472886 2026] [security2:error] [pid 17429:tid 17429] [client 104.239.33.96:48293] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.svn/wc.db"] [unique_id "aWrUjBn25QOiJeZt3CH2QAAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-29 21:37:52
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 16:37:46.611807 2025] [security2:error] [pid 21673:tid 21676] [client 104.239.33.96:51815] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.kettlehill.com|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kettlehill.com"] [uri "/ER8300G2-X.cfg"] [unique_id "aVL0qtoKFoxlNLdnJRxlIAAAAEA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-11-29 10:30:11
(6 months ago)
(mod_security) mod_security (id:211190) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 29 05:30:05.837048 2025] [security2:error] [pid 31629:tid 31718] [client 104.239.33.96:36373] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||kettlehill.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "aSrLLZnpskBNSmD6MKBgWAAAAZA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-11-13 13:31:03
(7 months ago)
(mod_security) mod_security (id:212620) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 08:30:58.772327 2025] [security2:error] [pid 25117:tid 25117] [client 104.239.33.96:44821] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /?rsd=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/"] [unique_id "aRXdkvyuTQkBrVUlm_4c_QAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
SCHAPPY
2025-07-31 14:00:01
(10 months ago)
IP was involved in L7 DDoS attack.
DDoS Attack
πΊπΈ
TPI-Abuse
2025-07-27 00:26:28
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:26:19.385962 2025] [security2:error] [pid 291259:tid 291325] [client 104.239.33.96:37287] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/.env.local"] [unique_id "aIVyK2QX5AgegSXcd9rZywAAARQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-05-30 01:11:45
(1 year ago)
(mod_security) mod_security (id:212620) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 104.239.33.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 21:11:38.012891 2025] [security2:error] [pid 3895438:tid 3895438] [client 104.239.33.96:54221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||mail.farmers123.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?audioplayeroption=1&filelist[0][title]=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "mail.farmers123.com"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "aDkFym1zgCWMZLBV_t9cJgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-05-04 17:50:01
(1 year ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
2024-11-21 01:06:07
(1 year ago)
alibaba cloud ddos like web scan
Bad Web Bot
2024-11-14 00:48:12
(1 year ago)
alibaba cloud ddos like web scan
Bad Web Bot
2024-11-02 11:35:11
(1 year ago)
alibaba cloud ddos like web scan
Bad Web Bot
2024-10-26 07:55:58
(1 year ago)
alibaba cloud ddos like web scan
Bad Web Bot