|
πͺπΈ
MrPcap
|
|
This ip was performing XSS attacks.
|
Port Scan
Web App Attack
Hacking
|
|
|
πΈπͺ
NordhTech
|
|
More than 3 malicious connection attempts, trying port(s) 3128/tcp, then blocked from services ...
|
Port Scan
Hacking
|
|
|
π«π·
bigorre.org
|
|
Excessive crawling : exceed crawl-delay defined in robots.txt
|
Bad Web Bot
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 16:56:40.371283 2026] [security2:error] [pid 108290:tid 108290] [client 38.225.15.189:53497] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/.env.backup"] [unique_id "adbBCOeUCWaslj36wVoQNQAAABU"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:24:58.290102 2026] [security2:error] [pid 27385:tid 27405] [client 38.225.15.189:39153] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?__kubio-site-edit-iframe-preview=1&__kubio-site-edit-iframe-classic-template=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/"] [unique_id "aaSgmg3DRlze-QqtecCiCwAAAYw"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 10:54:31.092662 2026] [security2:error] [pid 1651:tid 1651] [client 38.225.15.189:45721] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.env.dev"] [unique_id "aWpfNxIHb-t8sgt68Uw0XQAAAA8"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:48:30.945703 2025] [security2:error] [pid 26090:tid 26460] [client 38.225.15.189:58897] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/site.sql"] [unique_id "aS0sLgqR0geke5MRGl4EAQAAAI4"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:44:15.216728 2025] [security2:error] [pid 24799:tid 24799] [client 38.225.15.189:38259] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/sample.htaccess"] [unique_id "aQFVTz41BPzz5PfbFOj_SAAAAA8"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210580) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210580) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:48:24.617328 2025] [security2:error] [pid 30110:tid 30161] [client 38.225.15.189:53767] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:local-destination-id. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||kettlehill.com|F|2"] [data "Matched Data: etc/passwd found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "kettlehill.com"] [uri "/wp-admin/admin-post.php"] [unique_id "aN1NSMkWrLLgoGKIU58lyAAAAdA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
π³π±
exxos
|
|
Attacks with Bad user agents
|
Hacking
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:212750) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212750) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:49:21.173603 2025] [security2:error] [pid 3331491:tid 3331527] [client 38.225.15.189:34295] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||kettlehill.com|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /?s=<img src=x onerror=alert(123);>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.com"] [uri "/"] [unique_id "aIxjcVQiAcb55uv05QowHgAAAkk"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210580) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210580) triggered by 38.225.15.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:32:20.785969 2025] [security2:error] [pid 2256136:tid 2256216] [client 38.225.15.189:58263] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:field. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||mail.kettlehill.com|F|2"] [data "Matched Data: etc/passwd found within ARGS:field: field:exec:head -1 /etc/passwd:null:null"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "mail.kettlehill.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aDvl5LVUnYIqO9hNDIS3NwAAAIw"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
| Common web attack.
|
Hacking
SQL Injection
Web App Attack
|
|