๐บ๐ธ
TPI-Abuse
2026-07-17 16:26:14
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 12:26:10.474214 2026] [security2:error] [pid 21809:tid 21809] [client 121.11.108.43:54662] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dolphin-view.com"] [uri "/.env.local"] [unique_id "alpXonG2iJBNepKjaT5TcAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-17 15:15:02
(1 day ago)
trying wp-login.php/xmlrpc.php 35 times in 1 minutes
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-17 13:38:13
(1 day ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:15:32
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:15:27.378679 2026] [security2:error] [pid 3465914:tid 3465914] [client 121.11.108.43:42475] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jwilder.com"] [uri "/.env.local"] [unique_id "aloq7zOukFackWEVQixNDwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:46:59
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:46:54.610070 2026] [security2:error] [pid 32074:tid 32074] [client 121.11.108.43:46100] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grayhost.net"] [uri "/.env.development"] [unique_id "aloWLsWN94dcxG7Kq7ASiQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
pixiekat
2026-07-17 11:12:08
(1 day ago)
[Fri Jul 17 12:12:06.870668 2026] [security2:error] [pid 1354942:tid 1355017] [client 121.11.108.43: ...
show more
[Fri Jul 17 12:12:06.870668 2026] [security2:error] [pid 1354942:tid 1355017] [client 121.11.108.43:57063] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.28.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "spacecadetgrrl.me"] [uri "/.env"] [unique_id "aloOBqHbrTxgfN78dbmxdwAAAFQ"]
[Fri Jul 17 12:12:07.321783 2026] [security2:error] [pid 1354942:tid 1355021] [client 121.11.108.43:57063] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.28.0"] [tag "anomaly-evaluation"] [
...
show less
Web App Attack
Anonymous
2026-07-17 08:35:50
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 06:54:47
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:54:39.835827 2026] [security2:error] [pid 392149:tid 392149] [client 121.11.108.43:34272] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ryntech.avmcyber.com"] [uri "/.env.staging"] [unique_id "alnRr-I8AntX974vMZFDkQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:58:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:58:14.644844 2026] [security2:error] [pid 142368:tid 142368] [client 121.11.108.43:57696] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theblindmantylertx.com"] [uri "/.env.prod"] [unique_id "almaRp2THWR8q-CPnT2n-gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:39:17
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:39:12.065084 2026] [security2:error] [pid 28561:tid 28561] [client 121.11.108.43:48500] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwars.net"] [uri "/.env.test.local"] [unique_id "almV0Ov_ggaPH4asTgL-WAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
mediarama.com
2026-07-17 02:22:57
(1 day ago)
Banned by Fail2Ban
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:49:23
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:49:18.332714 2026] [security2:error] [pid 774694:tid 774694] [client 121.11.108.43:55747] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.powerlessons.net.rejuvenationsystems.com"] [uri "/.env.bak"] [unique_id "almKHlX250wnPa7BSJ1QjwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
wsyq
2026-07-17 01:17:24
(1 day ago)
Fail2Ban - \[NGINX\]40x-Forcing to access a restricted resource
...
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 00:49:45
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:49:38.936782 2026] [security2:error] [pid 32217:tid 32217] [client 121.11.108.43:37418] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "preskitpc.com"] [uri "/.env.test"] [unique_id "all8IuuRFjXqMrX1k7aUgQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 21:56:46
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 121.11.108.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:56:38.109291 2026] [security2:error] [pid 19212:tid 19212] [client 121.11.108.43:42816] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "astglobaltech.com"] [uri "/.env"] [unique_id "allTlqwPQX04cn2xKtCNRgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack