๐บ๐ธ
TPI-Abuse
2026-01-16 10:21:29
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 05:21:23.406598 2026] [security2:error] [pid 28427:tid 28427] [client 188.215.5.156:45371] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.nbcnewsradio"] [unique_id "aWoRIzeUZ10qFaFjfMFDywAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
[email protected]
2025-12-31 22:09:40
(5 months ago)
Attack attempt against Interwebbi servers; *Port Scan* detected from 188.215.5.156 (LT/Lithuania/-). ...
show more
Attack attempt against Interwebbi servers; *Port Scan* detected from 188.215.5.156 (LT/Lithuania/-). 5 hits in the last 530 seconds; IP: 188.215.5.156; Ports: *; Direction: 0; Trigger: PS_LIMIT;
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-12-29 18:36:08
(6 months ago)
(mod_security) mod_security (id:211190) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:35:56.404624 2025] [security2:error] [pid 25028:tid 25057] [client 188.215.5.156:49833] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.kettlehill.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /images/index.html?id=%24%7B%40print_r%28%40system%28%22cat+/etc/passwd%22%29%29%7D"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/images/index.html"] [unique_id "aVLKDHoCEO1cw_Cklci0tAAAAdM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-29 02:29:21
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 22:29:13.192800 2025] [security2:error] [pid 14456:tid 14456] [client 188.215.5.156:37277] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aQF7-VP8cWCQub-BQTMCWgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ช
RoboSOC
2025-10-16 08:30:39
(8 months ago)
Confluence Server OGNL Injection Remote Code Execution Vulnerability, PTR: PTR record not found
Hacking
๐ฉ๐ช
dpsbs
2025-10-14 08:00:21
(8 months ago)
multiple ips intrustions detected
Hacking
๐บ๐ธ
TPI-Abuse
2025-10-01 17:06:46
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:06:40.272966 2025] [security2:error] [pid 30110:tid 30143] [client 188.215.5.156:33743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.git/config"] [unique_id "aN1foMkWrLLgoGKIU59LJAAAAcA"], referer: https://www.kettlehill.com/.git/config
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-27 00:48:19
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:48:16.669787 2025] [security2:error] [pid 404368:tid 404583] [client 188.215.5.156:34261] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/my.key"] [unique_id "aIV3UKsKpTtRNU_PZbqK9gAAAEQ"], referer: http://ftp.kettlehill.net/my.key
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-06-23 15:35:35
(1 year ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2025-05-29 17:17:13
(1 year ago)
(mod_security) mod_security (id:212750) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212750) triggered by 188.215.5.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:16:59.937207 2025] [security2:error] [pid 3054169:tid 3054169] [client 188.215.5.156:33025] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||ftp.farmers123.com|F|2"] [data "Matched Data: onload= found within REQUEST_URI: /?key='>\\x22<svg/onload=confirm('xss')>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.farmers123.com"] [uri "/"] [unique_id "aDiWi7EQRNl-Hh1tpZTmKgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-02-27 22:30:05
(1 year ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
Anonymous
2025-02-09 08:31:41
(1 year ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
๐บ๐ธ
ChamberofCommerce.com
2023-11-02 05:47:45
(2 years ago)
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ...
show more
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
show less
Bad Web Bot
๐บ๐ธ
ChamberofCommerce.com
2023-10-30 21:58:25
(2 years ago)
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ...
show more
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
show less
Bad Web Bot