๐บ๐ธ
TPI-Abuse
2026-07-02 04:20:53
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 00:20:08.461296 2026] [security2:error] [pid 24244:tid 24269] [client 119.12.201.44:42905] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.net|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/windows/win.ini"] [unique_id "akXm-MVqafY74aTf9-BTdAAAAkM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
MrPcap
2026-06-29 08:30:00
(5 days ago)
This ip was performing XSS attacks.
Port Scan
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-01 01:48:18
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:46:02.730469 2026] [security2:error] [pid 11742:tid 12089] [client 119.12.201.44:43327] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/logs/error.log"] [unique_id "ahzkWlC4agaQG9FVRcmvBwAAAMA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-31 09:40:05
(1 month ago)
| Common web attack.
Web App Attack
Hacking
SQL Injection
Anonymous
2026-05-11 23:00:13
(1 month ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 15:35:26
(9 months ago)
(mod_security) mod_security (id:211190) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:34:59.448550 2025] [security2:error] [pid 30110:tid 30164] [client 119.12.201.44:38121] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "aN1KI8kWrLLgoGKIU58e7AAAAdM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2025-08-18 09:38:55
(10 months ago)
WP probing for vulnerabilities
Hacking
Exploited Host
๐บ๐ธ
TPI-Abuse
2025-08-01 06:32:23
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:32:19.716013 2025] [security2:error] [pid 3331491:tid 3331522] [client 119.12.201.44:45481] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/.git/config"] [unique_id "aIxfc1QiAcb55uv05QonYQAAAkQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 21:36:12
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 17:36:05.645028 2025] [security2:error] [pid 3305221:tid 3305221] [client 119.12.201.44:36741] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.nbcnewsradio.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/..../..../..../..../..../..../..../..../..../windows/win.ini"] [unique_id "aDzHxfPvwNBlxuiUfEzLlwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 06:57:52
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.201.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:57:45.013736 2025] [security2:error] [pid 2636838:tid 2636931] [client 119.12.201.44:36611] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.net|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/www.kettlehill.net/errors.log"] [unique_id "aDv56Tvwu3ccjH5oiKEYlAAAAJY"]
show less
Brute-Force
Bad Web Bot
Web App Attack