|
๐ช๐ธ
MrPcap
|
|
This ip it's performing XSS and SQLi attacks.
|
Web App Attack
Hacking
SQL Injection
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:06:50.857597 2026] [security2:error] [pid 7577:tid 7674] [client 161.123.142.27:34527] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/logs/errors.log"] [unique_id "ahzpOo6nP6TlQzUBlJvQFAAAAME"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:211190) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:45:05.681442 2025] [security2:error] [pid 26090:tid 26464] [client 161.123.142.27:40323] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?p=3232&wp_automatic=download&link=file:///etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/"] [unique_id "aS0rYQqR0geke5MRGl4A9gAAAJI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:11:20.769241 2025] [security2:error] [pid 30109:tid 30136] [client 161.123.142.27:41121] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/.env.kettlehill"] [unique_id "aN1guJmcYLK3QOnvb--OPgAAAZQ"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 06:20:48.801168 2025] [security2:error] [pid 3904814:tid 3904946] [client 161.123.142.27:35603] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/kettlehill.kettlehill.com/error.log"] [unique_id "aIyVAF6-dT8nKLZzIg5vjAAAAJE"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
| Common web attack.
|
Hacking
SQL Injection
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 17:22:33.477407 2025] [security2:error] [pid 3290938:tid 3290938] [client 161.123.142.27:45739] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.nbcnewsradio.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/index.php.bak"] [unique_id "aDzEmaxE3a7R6-Xz_nSkCAAAAAI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:220150) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:220150) triggered by 161.123.142.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:47:52.465088 2025] [security2:error] [pid 2256135:tid 2256182] [client 161.123.142.27:45257] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:union(?:\\\\/\\\\*.{0,399}\\\\*\\\\/)?select)" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5662"] [id "220150"] [rev "5"] [msg "COMODO WAF: SQL injection vulnerability in Ginkgo CMS 5.0 (CVE-2013-5318)||www.staging.kettlehill.com|F|2"] [data ")\\x22unionselect1,2,3,4,5,6,7,concat(md5(999999999),0x2c,8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--g"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.staging.kettlehill.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aDvpiK49PdggYnA6bssfAAAAAEY"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|