๐ซ๐ท
dynamix
2026-06-30 23:36:09
(1 week ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 22:29:59
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 18:29:51.019865 2026] [security2:error] [pid 1655:tid 1655] [client 114.98.230.118:40789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.sawted.com"] [uri "/.env"] [unique_id "akRDX7X-SFF768KeOSAkAQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-06-30 21:17:11
(1 week ago)
Web attack/malicious scanning detected
Web App Attack
๐ฎ๐ฉ
soc-yk
2026-06-30 18:54:12
(1 week ago)
Type: suspicious_network_activity
Risk: 100
Events: 12
Evidence:
- Persistent suspicious network ac ...
show more
Type: suspicious_network_activity
Risk: 100
Events: 12
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Threat escalation behavior observed
show less
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-30 18:46:03
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 14:45:59.395092 2026] [security2:error] [pid 24342:tid 24360] [client 114.98.230.118:43967] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "peoplewithai.bertdecoutere.name"] [uri "/.env.production"] [unique_id "akQO58cGxBDASH7IXCQmYwAAAU8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 18:23:56
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2026-06-30 16:20:03
(1 week ago)
| Suspicious URL access.
Web App Attack
Hacking
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-06-30 16:12:14
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 12:12:09.489320 2026] [security2:error] [pid 19613:tid 19613] [client 114.98.230.118:34130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pnp42.com.grancanariaholidays.com"] [uri "/.env.tmp"] [unique_id "akPq2VcVRLVfwcuoz9k0UQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 15:50:52
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:50:46.232718 2026] [security2:error] [pid 19204:tid 19204] [client 114.98.230.118:39079] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drkerryklett.com"] [uri "/.env.sample"] [unique_id "akPl1oPoZKwgzpLvbBskHAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 15:17:57
(1 week ago)
(mod_security) mod_security (id:949110) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:17:51.004925 2026] [security2:error] [pid 31274:tid 31274] [client 114.98.230.118:44819] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ugandaconnection.com"] [uri "/.env.bak"] [unique_id "akPeH1E7T2dkrV3ctX4JHwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 14:43:05
(1 week ago)
Bot / scanning and/or hacking attempts: GET /.envrc HTTP/1.1
Hacking
Web App Attack
Anonymous
2026-06-30 14:08:09
(1 week ago)
(caddyscan) Scanner path probe from 114.98.230.118 (CN/China/-): 5 in the last 3600 secs; Ports: *; ...
show more
(caddyscan) Scanner path probe from 114.98.230.118 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 114.98.230.118 - - [30/Jun/2026:14:07:57 +0000] "GET /.env.production.local HTTP/1.1"
[REDACTED] 200 2627 114.98.230.118 - - [30/Jun/2026:14:07:57 +0000] "GET /.env.development.local HTTP/1.1"
[REDACTED] 200 2627 114.98.230.118 - - [30/Jun/2026:14:07:59 +0000] "GET /.env.test.local HTTP/1.1"
[REDACTED] 200 2627 114.98.230.118 - - [30/Jun/2026:14:08:03 +0000] "GET /app/.env HTTP/1.1"
[REDACTED] 200 2627 114.98.230.118 - - [30/Jun/2026:14:08:04 +0000] "GET /src/.env HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-30 13:39:21
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 09:39:16.046115 2026] [security2:error] [pid 17188:tid 17188] [client 114.98.230.118:45084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lavahotspringsrealestate.com.bonefrog.com"] [uri "/.env.staging"] [unique_id "akPHBN1AhDSlBkw2fQflygAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 12:10:55
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:10:47.195872 2026] [security2:error] [pid 11386:tid 11386] [client 114.98.230.118:37301] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.drillworkscr.com"] [uri "/.env.test.local"] [unique_id "akOyR0ucxlqjbfksC55TnQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 11:26:24
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 114.98.230.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 07:26:16.967511 2026] [security2:error] [pid 3224:tid 3224] [client 114.98.230.118:43095] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||popolegal.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "popolegal.com"] [uri "/config/master.key"] [unique_id "akOn2C4F1Wuy6i48Vx2AbQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack