๐บ๐ธ
TPI-Abuse
2026-07-02 04:31:46
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 00:31:40.565092 2026] [security2:error] [pid 24092:tid 24172] [client 193.111.185.177:38077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.net"] [uri "/_.htaccess"] [unique_id "akXprFCwKo-jbKFhY-uv2AAAAY0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-01 01:45:15
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:45:07.893468 2026] [security2:error] [pid 9618:tid 9649] [client 193.111.185.177:33757] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/.env.production"] [unique_id "ahzkI66ZZaSyqAmV4w98IgAAAUo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 15:07:37
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:07:30.536019 2025] [security2:error] [pid 17241:tid 17248] [client 193.111.185.177:40007] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.kettlehill.com|F|2"] [data ".kettlehill.com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/kettlehill.kettlehill.com.db"] [unique_id "aN1Dsqh4GLz6vZLSqBy5nwAAAIE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-01 07:04:27
(11 months ago)
(mod_security) mod_security (id:212750) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:212750) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:04:21.838398 2025] [security2:error] [pid 3712160:tid 3712178] [client 193.111.185.177:35033] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||www.kettlehill.com|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /?spai_vjs=</script><img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.com"] [uri "/"] [unique_id "aIxm9dc_-1Eg368SpPhuoAAAAIE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 07:02:32
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 03:02:07.953533 2025] [security2:error] [pid 2762044:tid 2762058] [client 193.111.185.177:38581] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "aDv67wlM7g4oxUkvwMwH4gAAAMw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-30 18:10:17
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 193.111.185.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 14:10:14.281586 2025] [security2:error] [pid 482397:tid 482397] [client 193.111.185.177:37205] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.nbcnewsradio.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/www.nbcnewsradio.com/error.log"] [unique_id "aDn0hgc98fV_XowlFMg9HgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
Kepler-1649c
2024-05-19 13:46:39
(2 years ago)
HTTP.GET.Request.Directory.Traversal
Hacking
๐จ๐ญ
backslash
2024-03-05 07:38:52
(2 years ago)
honeypot
Bad Web Bot
๐ฎ๐ฉ
hermawan
2023-12-12 17:30:36
(2 years ago)
[Wed Dec 13 00:30:32.688771 2023] [security2:error] [pid 245631:tid 140486937392704] [client 193.111 ...
show more
[Wed Dec 13 00:30:32.688771 2023] [security2:error] [pid 245631:tid 140486937392704] [client 193.111.185.177:36313] [client 193.111.185.177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "ru" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "8"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: ru found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,ru-RU;q=0.8,ru;q=0.7 request_line = GET /b/bulanan.pdf HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/b/bulanan.pdf"] [unique_id "ZXiYuINInwg-51WLITTyTgAAAIU"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[245751] [C3FRaBP1yg0] [ZXiYuINInwg-51WLITTyTgAAAIU] keep_alive=[0] [2023-12-13 00:30:32.688777] [R:ZXiYuINInwg-51WLITTyTgAAAIU] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.
...
show less
Hacking
Web App Attack
Anonymous
2023-06-28 17:51:37
(3 years ago)
credential stuffing attack
Hacking
Brute-Force
Anonymous
2023-06-28 17:51:37
(3 years ago)
credential stuffing attack
Hacking
Brute-Force
Anonymous
2023-06-28 17:51:37
(3 years ago)
credential stuffing attack
Hacking
Brute-Force
Anonymous
2023-06-28 17:51:37
(3 years ago)
credential stuffing attack
Hacking
Brute-Force
๐ฆ๐บ
Joshua
2023-06-05 04:00:00
(3 years ago)
Web scraping
Bad Web Bot
๐ฆ๐บ
Joshua
2023-06-05 04:00:00
(3 years ago)
Web scraping
Bad Web Bot