๐บ๐ธ
TPI-Abuse
2026-03-01 20:26:15
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:26:08.780798 2026] [security2:error] [pid 26067:tid 26076] [client 174.140.254.194:60397] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-config.php"] [unique_id "aaSg4E5L5LRphzCVS7LyGgAAAQY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-16 07:02:27
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 02:02:21.403653 2026] [security2:error] [pid 28405:tid 28405] [client 174.140.254.194:60193] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nbcnewsradio.com"] [uri "/example.htaccess"] [unique_id "aWnifefZscpufRlZo8-KNgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-11-27 22:11:00
(7 months ago)
Web App Attack
๐ฆ๐น
Erpelstolz
2025-11-25 11:30:30
(7 months ago)
VM 131: 174.140.254.194 - - [25/Nov/2025:12:30:26 +0100] "GET /solr/solrdefault/debug/dump?param=Con ...
show more
VM 131: 174.140.254.194 - - [25/Nov/2025:12:30:26 +0100] "GET /solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file:///etc/passwd HTTP/1.1" 404 8451
show less
Hacking
Web App Attack
Anonymous
2025-11-17 12:14:21
(7 months ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-12 17:11:39
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 12:11:33.626637 2025] [security2:error] [pid 12813:tid 12813] [client 174.140.254.194:55109] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.nbcnewsradio.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/admin/errors.log"] [unique_id "aRS_xTPNrSTli_UdZLKJtgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 18:54:40
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 14:54:36.728228 2025] [security2:error] [pid 14803:tid 14813] [client 174.140.254.194:50675] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/.env."] [unique_id "aN147B3GBio1fk4ARmTRCgAAAMc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-01 06:41:33
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:41:25.765142 2025] [security2:error] [pid 3332372:tid 3332394] [client 174.140.254.194:37613] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/database.php.bak"] [unique_id "aIxhlR33aKcnOojmIbhS-wAAApQ"], referer: http://ftp.kettlehill.com/database.php.bak
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 15:03:38
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 11:03:30.208443 2025] [security2:error] [pid 2940926:tid 2940926] [client 174.140.254.194:41627] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.nbcnewsradio.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/database.php.bak"] [unique_id "aDxrwmwzPxlTXCD5_gTwvAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 05:36:20
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210492) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:35:40.565863 2025] [security2:error] [pid 2256137:tid 2256252] [client 174.140.254.194:51811] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/wp-config.txt"] [unique_id "aDvmrGQ8Dui5hvebpq9urAAAANU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-28 20:31:10
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.Colocatio ...
show more
(mod_security) mod_security (id:210730) triggered by 174.140.254.194 (174.140.254.194.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:31:01.235295 2025] [security2:error] [pid 1865614:tid 1865614] [client 174.140.254.194:54753] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.farmers123.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.farmers123.com"] [uri "/autodiscover.db"] [unique_id "aDdyhQTzp_xFXljn8ucQ7AAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack