๐บ๐ธ
TPI-Abuse
2026-07-02 05:05:21
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 01:05:17.834120 2026] [security2:error] [pid 20827:tid 20900] [client 161.123.151.186:52291] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/.svn/wc.db"] [unique_id "akXxjQaXSHycOVMS7bYSxgAAAUs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
Asimar
2026-05-03 07:27:22
(2 months ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 161.123.151.186 (US/ ...
show more
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 161.123.151.186 (US/United States/-): (CF_ENABLE)
show less
Bad Web Bot
๐ฉ๐ช
C C
2026-02-27 07:06:22
(4 months ago)
Recurrent distributed campaign detected (51 requests, 51 unique IPs over 63857 sec); unauth. bot tra ...
show more
Recurrent distributed campaign detected (51 requests, 51 unique IPs over 63857 sec); unauth. bot traffic w/o verification; first observed at 2026-02-26T10:21:46+01:00
show less
Bad Web Bot
Web App Attack
Anonymous
2026-02-26 15:50:03
(4 months ago)
Malicious activity detected
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-17 16:03:49
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 11:03:45.123715 2026] [security2:error] [pid 19689:tid 19689] [client 161.123.151.186:56921] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.example"] [unique_id "aWuy4U7t_fSn9n46jtXAigAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-13 14:54:16
(8 months ago)
(mod_security) mod_security (id:211190) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211190) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 09:54:09.827704 2025] [security2:error] [pid 6008:tid 6008] [client 161.123.151.186:52951] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "aRXxEd8zHAF3II2KxnZx6QAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-22 22:38:15
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 18:38:10.394545 2025] [security2:error] [pid 2402:tid 2402] [client 161.123.151.186:54505] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.deandobkin.com"] [uri "/.svn/wc.db"] [unique_id "aNHP0qZIlhyyFKwDCpiijgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-05 20:48:38
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 16:48:31.015636 2025] [security2:error] [pid 28588:tid 28588] [client 161.123.151.186:45379] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.nbcnewsradio.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/privatekey.key"] [unique_id "aJJuHzZqCt_Fk06gcLpKvgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-27 02:05:36
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 22:05:33.736982 2025] [security2:error] [pid 729657:tid 729714] [client 161.123.151.186:51329] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/wp-config.php.bak"] [unique_id "aIWJbRUVDjlJfvQpjEJfvwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-29 17:20:22
(1 year ago)
(mod_security) mod_security (id:212750) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:212750) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:20:10.615896 2025] [security2:error] [pid 3048193:tid 3048193] [client 161.123.151.186:35351] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||ftp.farmers123.com|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /?k304=y\\x0d\\x0a\\x0d\\x0a<img src=copyparty onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.farmers123.com"] [uri "/"] [unique_id "aDiXSmNCsQxyG5uSdtPK1QAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-04 08:36:54
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 04 04:36:49.391049 2025] [security2:error] [pid 3757089:tid 3757089] [client 161.123.151.186:54471] [client 161.123.151.186] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.nbcnewsradio.com"] [uri "/.svn/entries"] [unique_id "aBcnISjRZswHDaKIxcoGEAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-02-27 14:36:44
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 161.123.151.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 09:34:30.861770 2025] [security2:error] [pid 27303:tid 27396] [client 161.123.151.186:41117] [client 161.123.151.186] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.staging.kettlehill.com"] [uri "/wp-config.php.bak"] [unique_id "Z8B39lqvcS75O-zsMlKTQwAAAU0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-15 12:40:53
(1 year ago)
| XSS (Cross Site Scripting) attempt.
Hacking
SQL Injection
Web App Attack