๐บ๐ธ
TPI-Abuse
2026-07-02 04:47:49
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 00:47:43.783617 2026] [security2:error] [pid 24091:tid 24191] [client 139.5.105.168:45767] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/main.php.bak"] [unique_id "akXtb9CAl3_9ufpTltjXBAAAAMU"], referer: http://www.kettlehill.com/main.php.bak
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
xmission.com
2026-06-03 23:59:50
(1 month ago)
Blocked by UFW (TCP on 8443)
Source port: 44595
TTL: 54
Packet length: 60
TOS: 0x00
This report (fo ...
show more
Blocked by UFW (TCP on 8443)
Source port: 44595
TTL: 54
Packet length: 60
TOS: 0x00
This report (for 139.5.105.168) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-01 02:08:21
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:08:11.208279 2026] [security2:error] [pid 12707:tid 12734] [client 139.5.105.168:38257] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.kettlehill.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/localhost.key"] [unique_id "ahzpi_r1zQOtbkd9viUoEAAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-28 10:30:02
(1 month ago)
| SQL injection attempt.
Web App Attack
Hacking
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-02-01 11:55:37
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:55:30.944245 2026] [security2:error] [pid 16721:tid 16865] [client 139.5.105.168:35971] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/footer.php.bak"] [unique_id "aX8_MrZSDMB2xJcUTnRlkQAAAoI"], referer: https://www.kettlehill.com/footer.php.bak
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2025-12-25 14:55:01
(6 months ago)
Web bot: DDoS
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-11-08 19:37:39
(8 months ago)
(mod_security) mod_security (id:212620) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 14:37:34.570866 2025] [security2:error] [pid 8079:tid 8079] [client 139.5.105.168:46269] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /?ggotqnml=<script>alert(\\x22xss\\x22);</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/"] [unique_id "aQ-b_kQ1N004haENlvONjQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 17:50:14
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:50:07.116058 2025] [security2:error] [pid 14803:tid 14809] [client 139.5.105.168:40139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".com.key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/kettlehill.com.key"] [unique_id "aN1pzx3GBio1fk4ARmSzsgAAAMM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2025-08-18 09:39:05
(10 months ago)
WP probing for vulnerabilities
Hacking
Exploited Host
๐บ๐ธ
TPI-Abuse
2025-08-01 07:14:38
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:14:31.524263 2025] [security2:error] [pid 3705323:tid 3705357] [client 139.5.105.168:45841] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/admin/errors.log"] [unique_id "aIxpV1SqWoxQtnj67bcIuQAAAFI"], referer: https://www.kettlehill.com/admin/errors.log
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 07:34:12
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 139.5.105.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 03:34:07.152580 2025] [security2:error] [pid 2749697:tid 2749810] [client 139.5.105.168:41435] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.staging.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "staging.kettlehill.com"] [uri "/admin/errors.log"] [unique_id "aDwCb2zUxJS8AZi9Bz3f9QAAAEs"]
show less
Brute-Force
Bad Web Bot
Web App Attack