๐บ๐ธ
TPI-Abuse
2026-06-01 02:03:43
(1 month ago)
(mod_security) mod_security (id:211540) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:211540) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:01:44.664414 2026] [security2:error] [pid 17654:tid 17734] [client 109.198.38.178:44753] ModSecurity: Access denied with code 403 (phase 2). Match of "contains /wp-json/yoast/" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/22_SQL_SQLi.conf"] [line "17"] [id "211540"] [rev "14"] [msg "COMODO WAF: Blind SQL Injection Attack||kettlehill.com|F|2"] [data "Matched Data: table_name found within REQUEST_URI: /%2e%2fmigrate%2ftemplates%2fdebug%2fdb-table&table_name=wp_users--%20-"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "kettlehill.com"] [uri "/"] [unique_id "ahzoCNmdiBK8fg9Le5CbOgAAAMs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 11:23:46
(5 months ago)
(mod_security) mod_security (id:240950) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240950) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:23:08.131385 2026] [security2:error] [pid 16722:tid 16859] [client 109.198.38.178:41165] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||kettlehill.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kettlehill.net"] [uri "/jira/secure/QueryComponentRendererValue!Default.jspa"] [unique_id "aX83nMyMbG6v0xSDvGJT3gAAAsA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
sefinek.net
2025-12-09 08:42:11
(7 months ago)
Triggered Cloudflare WAF (firewallCustom) from TR.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/2 ...
show more
Triggered Cloudflare WAF (firewallCustom) from TR.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/2 (GET method)
Endpoint: /youtube
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-12-01 05:50:50
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:48:47.453543 2025] [security2:error] [pid 31256:tid 31285] [client 109.198.38.178:41633] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/api/.env"] [unique_id "aS0sP228JkE_f6YcP87tAQAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 15:48:54
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:48:48.524909 2025] [security2:error] [pid 30109:tid 30122] [client 109.198.38.178:35983] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\windows\\\\win.ini"] [unique_id "aN1NYJmcYLK3QOnvb-94ZgAAAYY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ฌ
raramos
2025-08-07 19:00:07
(11 months ago)
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed ...
show more
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed'
in sorbs:'listed [web], [spam]'
in Unsubscore:'listed'
*(RWIN=8192)(04:10)
show less
Web Spam
Email Spam
Port Scan
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-01 08:31:47
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 04:31:40.630701 2025] [security2:error] [pid 3331489:tid 3331575] [client 109.198.38.178:41093] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||staging.kettlehill.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "staging.kettlehill.com"] [uri "/db.php.bak"] [unique_id "aIx7bDqSEPOvsBY_LS5qYwAAAMM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-07-01 15:00:02
(1 year ago)
| XSS (Cross Site Scripting) attempt.
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 05:56:46
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:211190) triggered by 109.198.38.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:56:37.959363 2025] [security2:error] [pid 2636838:tid 2636928] [client 109.198.38.178:43189] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.staging.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/passwd%00&action=1&ajax=1"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "aDvrlTvwu3ccjH5oiKH-uwAAAJM"]
show less
Brute-Force
Bad Web Bot
Web App Attack