๐จ๐ญ
backslash
2026-01-13 21:15:06
(5 months ago)
block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-12-29 18:39:43
(6 months ago)
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocross ...
show more
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:39:34.127274 2025] [security2:error] [pid 22841:tid 23001] [client 198.144.190.186:53269] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.kettlehill.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/index.php"] [unique_id "aVLK5rvqJPp5jxktaSFokQAAAMU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-13 11:55:17
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 198.144.190.186 (198-144-190-186-host.colocross ...
show more
(mod_security) mod_security (id:210730) triggered by 198.144.190.186 (198-144-190-186-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:55:13.232275 2025] [security2:error] [pid 18412:tid 18412] [client 198.144.190.186:35335] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.nbcnewsradio.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\windows\\\\win.ini"] [unique_id "aRXHIYPR3XJSDjF1xC7-VgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
dayda.net
2024-12-04 13:46:23
(1 year ago)
s=5YyHeL%3CIMG%20%22%22%22%3E%3CIMG%20SRC=/%20onerror=%22alert(document.domain)%22%3E%3C/img%3E/l6U/
Bad Web Bot
Anonymous
2024-11-28 05:39:04
(1 year ago)
198.144.190.186 - - [28/Nov/2024:06:39:04 +0100] "GET /%5Cwindows/win.ini HTTP/1.1" 301 581 "-" "Moz ...
show more
198.144.190.186 - - [28/Nov/2024:06:39:04 +0100] "GET /%5Cwindows/win.ini HTTP/1.1" 301 581 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
...
show less
Hacking
๐บ๐ธ
TPI-Abuse
2024-11-26 23:30:50
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocross ...
show more
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:30:26.281247 2024] [security2:error] [pid 14708:tid 14894] [client 198.144.190.186:54359] [client 198.144.190.186] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.kettlehill.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /document.php?modulepart=project&file=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/document.php"] [unique_id "Z0ZaErZ-yNDsuHkwIgx2fwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Alejandro Docasar
2024-11-26 18:04:23
(1 year ago)
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-09-03 18:38:48
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocross ...
show more
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:38:31.796299 2024] [security2:error] [pid 32646:tid 32646] [client 198.144.190.186:50905] [client 198.144.190.186] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.stdavids-media.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stdavids-media.com"] [uri "/index.php"] [unique_id "ZtdXp3-gXxLOa0EHl3wKtAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-08-26 23:06:38
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocross ...
show more
(mod_security) mod_security (id:211190) triggered by 198.144.190.186 (198-144-190-186-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 26 19:04:01.004726 2024] [security2:error] [pid 528637:tid 528962] [client 198.144.190.186:59877] [client 198.144.190.186] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||kettlehill.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/cgi-bin/kerbynet"] [unique_id "Zs0J4IkB5majaCFgrZAMDgAAAMU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
MAGIC
2024-08-17 17:02:26
(1 year ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐ฉ๐ช
ps-center
2024-07-15 18:12:47
(1 year ago)
SS1: Web Attack GET /.ssh/id_rsa
Web Spam
Hacking
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2024-06-27 13:00:45
(2 years ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
๐ช๐ธ
10dencehispahard SL
2024-05-08 07:00:43
(2 years ago)
Unauthorized login attempts []
Brute-Force
๐ช๐ธ
10dencehispahard SL
2024-05-08 06:40:31
(2 years ago)
Web Attack
DDoS Attack
Brute-Force
Web App Attack
๐ช๐ธ
10dencehispahard SL
2024-03-27 07:00:25
(2 years ago)
Unauthorized login attempts [ BI-16635]
Brute-Force