πΊπΈ
TPI-Abuse
2026-06-01 02:28:33
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:28:24.415191 2026] [security2:error] [pid 12707:tid 12733] [client 94.46.206.119:37613] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/a.htaccess"] [unique_id "ahzuSPr1zQOtbkd9viUvNwAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πͺπΈ
el-brujo
2026-04-13 07:22:48
(1 month ago)
Cloudflare WAF: Request Path: /diseno_grafico/buenas_a_ver_quien_me_puede_ayudar_para_crear_una_firm ...
show more
Cloudflare WAF: Request Path: /diseno_grafico/buenas_a_ver_quien_me_puede_ayudar_para_crear_una_firma_de_600x150_pixeles-t149988.0.html;msg713421 Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallCustom ASN Description: HOSTROYALE Country: ES Method: GET Timestamp: 2026-04-13T07:22:48Z ruleId: 561d6e73a48e41d18a1a014356a284e1. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
show less
Hacking
SQL Injection
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-02 22:14:21
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:14:16.640573 2025] [security2:error] [pid 19943:tid 19943] [client 94.46.206.119:51037] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.farmers123.com"] [uri "/a.htaccess"] [unique_id "aS9kuBDi4QixuGWXB-EN-gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-01 05:53:40
(6 months ago)
(mod_security) mod_security (id:212620) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:53:22.163161 2025] [security2:error] [pid 26090:tid 26463] [client 94.46.206.119:47085] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.kettlehill.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /wpdmpro/list-packages/?orderby=title\\x22><script>alert(1)</script>&order=asc"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.com"] [uri "/wpdmpro/list-packages/"] [unique_id "aS0tUgqR0geke5MRGl4JZwAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-10-28 23:26:47
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:26:41.357936 2025] [security2:error] [pid 11078:tid 11078] [client 94.46.206.119:43029] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nbcnewsradio.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/error.log"] [unique_id "aQFRMXaDN9WRzK3n5CsQDQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-10-01 15:03:51
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:03:46.695158 2025] [security2:error] [pid 9487:tid 9519] [client 94.46.206.119:47175] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-config.php.orig"] [unique_id "aN1C0kvyOqnYEaX7Ie4cKAAAAMo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-10-01 13:30:02
(8 months ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
2025-08-18 06:50:02
(9 months ago)
suspicious request in access.log
Web App Attack
πΈπ¬
raramos
2025-08-07 19:00:07
(9 months ago)
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed ...
show more
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed'
in sorbs:'listed [web], [spam]'
in Unsubscore:'listed'
*(RWIN=8192)(04:10)
show less
Web Spam
Email Spam
Port Scan
Hacking
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2025-08-01 08:56:11
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 04:56:08.148300 2025] [security2:error] [pid 3904814:tid 3904930] [client 94.46.206.119:37179] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/.htpasswd"] [unique_id "aIyBKF6-dT8nKLZzIg5ZOAAAAIE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-05-30 19:41:18
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 94.46.206.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 15:41:14.363005 2025] [security2:error] [pid 580828:tid 580828] [client 94.46.206.119:57377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.nbcnewsradio.com"] [uri "/sftp-config.json"] [unique_id "aDoJ2kcuBqv8KwixvPKikAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack