πΊπΈ
TPI-Abuse
2026-02-22 15:13:05
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 10:13:01.056434 2026] [security2:error] [pid 26976:tid 26999] [client 104.207.48.92:55069] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gryphix.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gryphix.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZsc_ZMemaz6VtkucG6jfQAAAAg"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
2026-01-13 22:24:44
(4 months ago)
104.207.48.92 - - [13/Jan/2026:22:24:39 +0000] "GET /.env HTTP/1.1" 302 477 "-" "Mozilla/5.0 (Window ...
show more
104.207.48.92 - - [13/Jan/2026:22:24:39 +0000] "GET /.env HTTP/1.1" 302 477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
...
show less
Bad Web Bot
Web App Attack
π©πͺ
iNetWorker
2026-01-13 07:52:44
(4 months ago)
trolling for resource vulnerabilities
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-09 09:57:28
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 04:56:56.589847 2025] [security2:error] [pid 9791:tid 9791] [client 104.207.48.92:22829] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "register-yacht-france.com"] [uri "/.env"] [unique_id "aTfyaAtzhVHpzS9FyUHGtgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
myagent.site
2025-12-08 00:27:06
(5 months ago)
Blocking for trying to access an exploit file: /.env
Hacking
πΊπΈ
TPI-Abuse
2025-12-08 00:26:29
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 19:26:23.802187 2025] [security2:error] [pid 6264:tid 6264] [client 104.207.48.92:44333] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frame-sa.com"] [uri "/.env"] [unique_id "aTYbL8srRogKbH2a3Cie0AAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-07 15:42:53
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 10:42:49.228486 2025] [security2:error] [pid 4690:tid 4690] [client 104.207.48.92:27529] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wilsontribe.org"] [uri "/.svn/wc.db"] [unique_id "aTWgeT_44JYP3-MBsU-eYQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
i-turnradio.nl
2025-12-06 21:58:28
(5 months ago)
2025-12-06 @ 22:58:28 (CET) ~ Blocked based on risk assessment and prior abuse reports
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-05 00:44:57
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 19:44:50.722523 2025] [security2:error] [pid 11666:tid 11666] [client 104.207.48.92:33001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guardiancns.com"] [uri "/.env"] [unique_id "aTIrAlWYcf9K2pQJdk4hYQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-05 00:27:14
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 19:26:57.266841 2025] [security2:error] [pid 10163:tid 10163] [client 104.207.48.92:24873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jbaycabs.com"] [uri "/.env"] [unique_id "aTIm0XOaj9DmrDz2SqQ4BAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-04 23:36:48
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 18:36:44.453603 2025] [security2:error] [pid 12694:tid 12694] [client 104.207.48.92:25267] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antoniorufino.com"] [uri "/.svn/wc.db"] [unique_id "aTIbDDip6OxFGS50AAgEQAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-11-26 08:17:18
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:17:12.518717 2025] [security2:error] [pid 20245:tid 20245] [client 104.207.48.92:22099] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.partybuswhistler.com"] [uri "/.svn/wc.db"] [unique_id "aSa3iJh8pfdfGcEbpeMCEgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π±π»
garmtech.com
2025-11-25 23:05:05
(6 months ago)
Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.
Web App Attack
πΊπΈ
TPI-Abuse
2025-11-25 05:09:51
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:09:45.674672 2025] [security2:error] [pid 4047:tid 4047] [client 104.207.48.92:9201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.thepercussionworks.com"] [uri "/.git/HEAD"] [unique_id "aSU6GblUd2bkliVORPuIDQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-11-25 03:03:47
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.48.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:03:42.494059 2025] [security2:error] [pid 7139:tid 7139] [client 104.207.48.92:14945] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.tellyourstory.com"] [uri "/.git/HEAD"] [unique_id "aSUcjsX7x6D6zC9KwF03dAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack