๐บ๐ธ
TPI-Abuse
2026-07-02 03:46:42
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 23:45:52.151502 2026] [security2:error] [pid 5651:tid 5742] [client 89.104.111.103:44945] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/wwwroot.db"] [unique_id "akXe8GzgLpI26a4sNutYjQAAAo4"], referer: http://ftp.kettlehill.com/wwwroot.db
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-01 01:48:05
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:46:00.914042 2026] [security2:error] [pid 11742:tid 12096] [client 89.104.111.103:35471] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.kettlehill.net|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kettlehill.net"] [uri "/log/errors.log"] [unique_id "ahzkWFC4agaQG9FVRcmu5QAAAMc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Phenix Info
2026-02-26 05:33:41
(4 months ago)
SmallGuard.fr/Prestashop Massive 403
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 11:57:23
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:57:13.887371 2026] [security2:error] [pid 483:tid 649] [client 89.104.111.103:37301] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.com"] [uri "/sample.htaccess"] [unique_id "aX8_mQMxl-cQ0UzvOvSQXQAAAEM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-14 21:00:23
(6 months ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-01 05:52:39
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:52:30.648243 2025] [security2:error] [pid 25213:tid 25289] [client 89.104.111.103:35975] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kettlehill.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/privatekey.key"] [unique_id "aS0tHhbartSq97dN_O13iAAAAMg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-01 15:03:43
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 89.104.111.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 11:03:35.377095 2025] [security2:error] [pid 8590:tid 8609] [client 89.104.111.103:38135] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.net|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/main.php.bak"] [unique_id "aQYhR3l6EaMmM6sQysSeugAAAME"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-05-14 21:23:48
(1 year ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2024-04-07 17:47:45
(2 years ago)
fail2ban apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"]
Web App Attack
๐บ๐ธ
MPL
2024-04-02 23:49:15
(2 years ago)
tcp/443 (8 or more attempts)
Port Scan
๐บ๐ธ
MPL
2024-04-02 23:49:15
(2 years ago)
tcp/443 (4 or more attempts)
Port Scan
๐บ๐ธ
MPL
2024-04-02 04:34:49
(2 years ago)
tcp/443 (4 or more attempts)
Port Scan
๐บ๐ธ
MPL
2024-04-02 04:34:49
(2 years ago)
tcp/443 (8 or more attempts)
Port Scan
๐บ๐ธ
MPL
2024-04-01 20:06:44
(2 years ago)
tcp/443 (12 or more attempts)
Port Scan
๐ฆ๐บ
advena
2024-02-07 17:00:58
(2 years ago)
89.104.111.103 (AS203020 HOSTROYALE) was intercepted at 2024-02-07T16:59:10Z after violating WAF dir ...
show more
89.104.111.103 (AS203020 HOSTROYALE) was intercepted at 2024-02-07T16:59:10Z after violating WAF directive: country. Pre-cautionary/corrective action applied: block.
show less
Web Spam
Hacking
Brute-Force
Web App Attack