πΊπΈ
TPI-Abuse
2026-01-17 07:03:53
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:03:45.538348 2026] [security2:error] [pid 32736:tid 32736] [client 198.105.100.212:50271] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/lib../.git/config"] [unique_id "aWs0UbZLqq9Oxdi_wJS70wAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-29 21:22:50
(5 months ago)
(mod_security) mod_security (id:211190) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211190) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 16:22:43.514971 2025] [security2:error] [pid 9999:tid 10025] [client 198.105.100.212:44109] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/index.php"] [unique_id "aVLxI4un-3ctHNDZklPOlAAAAJI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-01 06:35:07
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:35:00.105234 2025] [security2:error] [pid 30768:tid 30776] [client 198.105.100.212:43963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.net"] [uri "/.env.whm"] [unique_id "aS03FP5kVQ-rlVW6wYRz1AAAAUQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-11-14 09:01:22
(7 months ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2025-11-13 08:48:58
(7 months ago)
(mod_security) mod_security (id:212620) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:212620) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:48:53.282781 2025] [security2:error] [pid 18826:tid 18826] [client 198.105.100.212:56617] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /?ct_mobile_keyword&ct_keyword&ct_city&ct_zipcode&search-listings=true&ct_price_from&ct_price_to&ct_beds_plus&ct_baths_plus&ct_sqft_from&ct_sqft_to&ct_lotsize_from&ct_lotsize_to&ct_year_from&ct_year_to&ct_community=<script>alert(document.domain);</script>&ct_mls&ct_brokerage=0&lat&lng"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/"] [unique_id "aRWbde-T1TSnEBC9gRL3qAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-07-27 00:30:40
(10 months ago)
(mod_security) mod_security (id:221260) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:221260) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:30:24.022157 2025] [security2:error] [pid 172226:tid 172454] [client 198.105.100.212:35345] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||cpcontacts.kettlehill.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.com"] [uri "/"] [unique_id "aIVzIH6EtJKYjh039GtH9gAAAI8"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-06-23 14:10:45
(1 year ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2025-05-30 00:36:00
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211190) triggered by 198.105.100.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 20:35:57.569883 2025] [security2:error] [pid 3845895:tid 3845895] [client 198.105.100.212:52203] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.farmers123.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.farmers123.com"] [uri "/maint/modules/endpointcfg/endpointcfg.php"] [unique_id "aDj9bYwCy41ElJYyfGOOXgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-01-25 19:10:38
(1 year ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
πΈπ¬
oncord
2024-09-06 04:57:32
(1 year ago)
Form spam
Web Spam
2024-09-04 22:31:28
(1 year ago)
Web Spam
πΊπΈ
nowyouknow
2024-08-11 19:24:49
(1 year ago)
Malicious Traffic/Form Submission
Phishing
Web Spam
πΈπ¬
oncord
2024-08-10 16:28:25
(1 year ago)
Form spam
Web Spam
πΊπΈ
ChamberofCommerce.com
2023-11-06 06:24:38
(2 years ago)
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ...
show more
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
show less
Bad Web Bot
πΊπΈ
ChamberofCommerce.com
2023-11-02 04:37:14
(2 years ago)
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ...
show more
Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
show less
Bad Web Bot