Anonymous
2026-07-10 21:54:17
(20 hours ago)
Malicious activity detected
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-17 00:17:39
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:17:21.569222 2026] [security2:error] [pid 22343:tid 22343] [client 198.37.121.55:35091] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/sftp-config.json"] [unique_id "aWrVESp3RseVwFhZyRGeBwAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 18:39:12
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:38:58.440073 2025] [security2:error] [pid 22838:tid 22922] [client 198.37.121.55:52361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/.env.live"] [unique_id "aVLKwuHXaA_hkms52yNrxQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-13 08:59:12
(7 months ago)
(mod_security) mod_security (id:212620) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:58:32.607798 2025] [security2:error] [pid 4338:tid 4338] [client 198.37.121.55:49945] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /phpmyadmin/setup/index.php?page=servers&mode=test&id=\\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/phpmyadmin/setup/index.php"] [unique_id "aRWduBsclL7-TKMp2l5n1wAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-01 14:24:20
(8 months ago)
(mod_security) mod_security (id:217200) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:217200) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 10:24:11.420152 2025] [security2:error] [pid 27531:tid 27557] [client 198.37.121.55:43895] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||kettlehill.com:443|F|2"] [data "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "kettlehill.com"] [uri "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [unique_id "aQYYC32WO2IkxYJ6zsL-rwAAARg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-05 11:35:02
(10 months ago)
Malicious activity detected
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-27 00:27:08
(11 months ago)
(mod_security) mod_security (id:221260) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:221260) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:26:59.032239 2025] [security2:error] [pid 172226:tid 172445] [client 198.37.121.55:53625] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||autodiscover.kettlehill.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.kettlehill.net"] [uri "/cgi-bin/status"] [unique_id "aIVyU36EtJKYjh039GtBGQAAAIY"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฟ
lp
2025-06-01 18:21:02
(1 year ago)
Unauthorized VPN login attempts: 4 attempts were recorded from 198.37.121.55
2025-06-01T18:50:21+02: ...
show more
Unauthorized VPN login attempts: 4 attempts were recorded from 198.37.121.55
2025-06-01T18:50:21+02:00 vpn Access-Reject 'czouxstam07' station: 198.37.121.55 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
2025-06-01T18:58:03+02:00 vpn Access-Reject 'vse_c' station: 198.37.121.55 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
2025-06-01T19:36:44+02:00 vpn Access-Reject 'vsec' station: 198.37.121.55 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
2025-06-01T20:08:16+02:00 vpn Access-Reject 'h-saldova' station: 198.37.121.55 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
๐จ๐ฟ
lp
2025-06-01 12:21:01
(1 year ago)
Unauthorized VPN login attempts: 2 attempts were recorded from 198.37.121.55
2025-06-01T13:56:13+02: ...
show more
Unauthorized VPN login attempts: 2 attempts were recorded from 198.37.121.55
2025-06-01T13:56:13+02:00 vpn Access-Reject 'jana-bedrichova' station: 198.37.121.55 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
2025-06-01T13:56:51+02:00 vpn Access-Reject 'chytilovah' station: 198.37.121.55 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
๐จ๐ฆ
wil.com
2025-05-31 19:41:46
(1 year ago)
GlobalProtect login attempts with user comw.
VPN IP
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-05-29 22:31:30
(1 year ago)
(mod_security) mod_security (id:221260) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:221260) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 18:31:22.393878 2025] [security2:error] [pid 3652606:tid 3652606] [client 198.37.121.55:48485] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||cpcontacts.farmers123.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.farmers123.com"] [uri "/debug.cgi"] [unique_id "aDjgOk11QeUpvThfkDQnrwAAAAs"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-04 08:37:47
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 198.37.121.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 04 04:37:35.123521 2025] [security2:error] [pid 3760538:tid 3760538] [client 198.37.121.55:50291] [client 198.37.121.55] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.nbcnewsradio.com"] [uri "/.env.save"] [unique_id "aBcnTxgPQNz7ClxdToF69AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-02-02 01:40:03
(1 year ago)
| Shellshock attack attempt
Hacking
SQL Injection
Web App Attack