๐ซ๐ท
Thaliruth
2026-07-02 16:22:55
(1 week ago)
[02/Jul/2026:18:22:55.293793 +0200] akaQX2l1LbJensN9fn4j4QAAABc 217.69.127.166 52468 127.0.0.1 7081
...
show more
[02/Jul/2026:18:22:55.293793 +0200] akaQX2l1LbJensN9fn4j4QAAABc 217.69.127.166 52468 127.0.0.1 7081
...
show less
Hacking
๐ต๐น
Subnet Shadow Specter
2026-06-26 15:30:46
(1 week ago)
[Security] [Category: Bot Masquerading] FCrDNS mismatch detected. [IP Address]: 217.69.127.166 claim ...
show more
[Security] [Category: Bot Masquerading] FCrDNS mismatch detected. [IP Address]: 217.69.127.166 claimed a fake identity but failed forward-confirmed reverse DNS verification. Automated scraping via spoofed User-Agent `compatible; Googlebot/2.1`. [Action]: IP block initiated; permanent ban applied. [User-Agent]: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) [Date]: 2026-06-26 16:30:45 UTC.
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
security.yc3a.com
2026-04-10 11:54:11
(2 months ago)
217.69.127.166 - - [10/Apr/2026:11:09:06 +0000] "GET /api/images/ HTTP/2.0" 401 16 "-" "Mozilla/5.0 ...
show more
217.69.127.166 - - [10/Apr/2026:11:09:06 +0000] "GET /api/images/ HTTP/2.0" 401 16 "-" "Mozilla/5.0 (Linux; Android 9; INE-LX2r) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Mobile Safari/537.36"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-01 06:24:43
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:24:37.527105 2025] [security2:error] [pid 27471:tid 27495] [client 217.69.127.166:49191] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/.env.prod.local"] [unique_id "aS00pXLXOKC0tXS7y0kpwgAAAIc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-29 01:10:14
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 21:10:08.815667 2025] [security2:error] [pid 6291:tid 6291] [client 217.69.127.166:58165] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.nbcnewsradio.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/php_errors.log"] [unique_id "aQFpcIu1qRoPNPszFEMGPgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 18:06:32
(9 months ago)
(mod_security) mod_security (id:210350) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 14:06:27.213164 2025] [security2:error] [pid 14803:tid 14810] [client 217.69.127.166:34999] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.staging.kettlehill.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "staging.kettlehill.com"] [uri "/mcp"] [unique_id "aN1tox3GBio1fk4ARmS62gAAAMQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Alejandro Docasar
2024-11-27 21:40:39
(1 year ago)
Web App Attack
๐ฉ๐ช
ps-center
2024-11-27 02:53:00
(1 year ago)
SS1: Web Attack GET /admin/errors.log
Web Spam
Hacking
Bad Web Bot
Web App Attack
Anonymous
2024-10-27 03:20:05
(1 year ago)
| Shellshock attack detected
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-10-27 02:29:50
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:211190) triggered by 217.69.127.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:29:37.393046 2024] [security2:error] [pid 12545:tid 12606] [client 217.69.127.166:45785] [client 217.69.127.166] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wavemaker/studioService.download?method=getContent&inUrl=file///etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/wavemaker/studioService.download"] [unique_id "Zx2lkT4Zp7GZDS7DVHfcVgAAAUA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
MAGIC
2024-10-25 09:05:04
(1 year ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-09-07 01:09:28
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐ธ๐ฌ
oncord
2024-08-27 06:19:35
(1 year ago)
Form spam
Web Spam
๐ธ๐ฌ
oncord
2024-08-13 08:46:16
(1 year ago)
Form spam
Web Spam