๐บ๐ธ
TPI-Abuse
2026-07-02 04:24:49
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 00:24:45.356514 2026] [security2:error] [pid 20267:tid 20293] [client 119.12.204.61:37913] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/admin/logs/error.log"] [unique_id "akXoDd2jdzrSfO20vrEI3QAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-01 02:26:11
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:26:05.823087 2026] [security2:error] [pid 12707:tid 12718] [client 119.12.204.61:41331] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/application/logs/default.log"] [unique_id "ahztvfr1zQOtbkd9viUuBQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-01 20:07:19
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:07:11.584446 2026] [security2:error] [pid 27385:tid 27393] [client 119.12.204.61:44059] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".com.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/kettlehill.com.sql"] [unique_id "aaScbw3DRlze-QqtecCYFAAAAYA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-01 06:25:46
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:25:42.763008 2025] [security2:error] [pid 30768:tid 30783] [client 119.12.204.61:38967] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/.env.dev"] [unique_id "aS005v5kVQ-rlVW6wYRxNwAAAUs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 18:33:32
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 14:33:26.365569 2025] [security2:error] [pid 14803:tid 14820] [client 119.12.204.61:40937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/.env.live"] [unique_id "aN1z9h3GBio1fk4ARmTHFgAAAM4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ฌ
raramos
2025-08-07 19:00:07
(11 months ago)
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed ...
show more
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed'
in sorbs:'listed [web], [spam]'
in Unsubscore:'listed'
*(RWIN=8192)(04:10)
show less
Web Spam
Email Spam
Port Scan
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-01 06:59:16
(11 months ago)
(mod_security) mod_security (id:212750) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212750) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:59:10.644331 2025] [security2:error] [pid 3331447:tid 3331457] [client 119.12.204.61:38343] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||www.staging.kettlehill.com|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /resumes/?s=\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.staging.kettlehill.com"] [uri "/resumes/"] [unique_id "aIxlvlSZjg6lcpTf51ZuXgAAAYY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-06-05 17:00:07
(1 year ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 21:47:43
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 17:47:40.989950 2025] [security2:error] [pid 3315376:tid 3315376] [client 119.12.204.61:39561] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.nbcnewsradio.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\windows\\\\win.ini"] [unique_id "aDzKfFuWnqfTg4pDutdtCgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 06:56:06
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 119.12.204.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:55:59.066431 2025] [security2:error] [pid 2762044:tid 2762050] [client 119.12.204.61:42023] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/logs/error.log"] [unique_id "aDv5fwlM7g4oxUkvwMwEqwAAAMQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack