๐บ๐ธ
TPI-Abuse
2026-02-01 12:00:46
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 07:00:38.841453 2026] [security2:error] [pid 483:tid 666] [client 82.21.245.70:39725] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/example.htaccess"] [unique_id "aX9AZgMxl-cQ0UzvOvSSCQAAAFQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-02 22:34:58
(6 months ago)
(mod_security) mod_security (id:210350) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:34:52.486499 2025] [security2:error] [pid 14149:tid 14149] [client 82.21.245.70:56653] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||mail.farmers123.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "mail.farmers123.com"] [uri "/mcp"] [unique_id "aS9pjCkPVD5hO_4am5cKEQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-12 10:59:08
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 05:59:00.698863 2025] [security2:error] [pid 2639:tid 2639] [client 82.21.245.70:42979] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/.env.live"] [unique_id "aRRodNFtJnlcT_Y853KEXQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 15:03:20
(8 months ago)
(mod_security) mod_security (id:212620) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:212620) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:03:07.164991 2025] [security2:error] [pid 21347:tid 21353] [client 82.21.245.70:47285] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.kettlehill.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-login.php?login-error=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.com"] [uri "/wp-login.php"] [unique_id "aN1CqzQa5dHzoOSVGKqEugAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-22 19:38:35
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 15:38:17.254794 2025] [security2:error] [pid 7707:tid 7707] [client 82.21.245.70:37617] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||deandobkin.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "deandobkin.com"] [uri "/deandobkin.com/error.log"] [unique_id "aNGlqXbKgHyeios7QZc5OwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ฌ
raramos
2025-08-07 19:00:07
(10 months ago)
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed ...
show more
[SMB remote code execution attempt: port tcp/445]
in blocklist.de:'listed [pop3]'
in SpamCop:'listed'
in sorbs:'listed [web], [spam]'
in Unsubscore:'listed'
*(RWIN=8192)(04:10)
show less
Web Spam
Email Spam
Port Scan
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-01 06:29:31
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:29:23.803251 2025] [security2:error] [pid 3331488:tid 3331567] [client 82.21.245.70:39073] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/.htpasswd"] [unique_id "aIxewwesNFIDOFtp0dFTygAAAFY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-07-02 16:30:01
(11 months ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-06-01 06:54:42
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:54:33.690785 2025] [security2:error] [pid 2636838:tid 2636926] [client 82.21.245.70:59809] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.staging.kettlehill.com"] [uri "/sftp-config.json"] [unique_id "aDv5KTvwu3ccjH5oiKEYAQAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-30 20:39:24
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 16:39:20.589583 2025] [security2:error] [pid 652020:tid 652020] [client 82.21.245.70:43197] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/web.config"] [unique_id "aDoXeHyDfcGnFwyd5-cCXgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-28 21:07:31
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 82.21.245.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 17:07:24.632979 2025] [security2:error] [pid 1914892:tid 1914892] [client 82.21.245.70:57963] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||farmers123.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "farmers123.com"] [uri "/admin/logs/errors.log"] [unique_id "aDd7DDCcLOnD9sbSPrWVJgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack