|
๐ช๐ธ
MrPcap
|
|
This ip was performing XSS attacks.
|
Port Scan
Web App Attack
Hacking
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:48:21.561119 2026] [security2:error] [pid 11752:tid 12121] [client 195.210.44.18:34399] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.staging.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.staging.kettlehill.com"] [uri "/logs/errors.log"] [unique_id "ahzk5VK1j6eB9I0a-Y9KkAAAAQE"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:09:45.809197 2026] [security2:error] [pid 3623:tid 3740] [client 195.210.44.18:37527] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/site.sql"] [unique_id "aaSdCV4WolzQRuAXATJwVAAAAU0"], referer: https://www.kettlehill.com/site.sql
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:07:40.503222 2025] [security2:error] [pid 25213:tid 25281] [client 195.210.44.18:37169] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/a.htaccess"] [unique_id "aS0wrBbartSq97dN_O16ggAAAMA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 12:37:04.869586 2025] [security2:error] [pid 30110:tid 30162] [client 195.210.44.18:35621] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.kettlehill.net|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kettlehill.net"] [uri "/database.php.bak"] [unique_id "aN1YsMkWrLLgoGKIU588MQAAAdE"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:46:59.214708 2025] [security2:error] [pid 3331447:tid 3331458] [client 195.210.44.18:42163] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.staging.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "aIxi41SZjg6lcpTf51ZjZwAAAYc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
| Common web attack.
|
Hacking
SQL Injection
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210580) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210580) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:29:05.579364 2025] [security2:error] [pid 2256136:tid 2256219] [client 195.210.44.18:36297] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:local-destination-id. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||kettlehill.com|F|2"] [data "Matched Data: etc/passwd found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "kettlehill.com"] [uri "/wp-admin/admin-post.php"] [unique_id "aDvlIbVUnYIqO9hNDISxSwAAAI8"], referer: http://kettlehill.com/wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=/etc/passwd&local-download=/etc/passwd
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 195.210.44.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 13:25:16.834543 2025] [security2:error] [pid 425912:tid 425912] [client 195.210.44.18:40949] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.nbcnewsradio.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/ssl/localhost.key"] [unique_id "aDnp_O325IzrdT4GLi7hbAAAAAY"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|