๐ฉ๐ช
Sรฉfora Srl
2026-07-18 11:02:32
(1 day ago)
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ...
show more
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail
show less
Bad Web Bot
๐ฌ๐ง
OptimusGO
2026-06-17 04:11:50
(1 month ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-06-17 05:11:50 UTC
Log evidence:
06/17/2026-05:11:49.722202 [**] [1:1000103:1] SECURITY Management Port Probe - CRITICAL [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 141.101.98.200:12668 -> 185.127.18.66:8443
show less
Port Scan
Brute-Force
๐ฌ๐ง
sc user
2026-04-10 05:17:30
(3 months ago)
Fail2Ban nginx: repeated suspicious HTTP requests consistent with automated probing, scanning or bad ...
show more
Fail2Ban nginx: repeated suspicious HTTP requests consistent with automated probing, scanning or bad bot behaviour. Technical log details and local server identifiers intentionally omitted for privacy.
show less
Bad Web Bot
Web App Attack
Port Scan
๐บ๐ธ
TPI-Abuse
2026-04-08 23:47:25
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 19:47:15.308992 2026] [security2:error] [pid 3036915:tid 3036915] [client 141.101.98.200:11986] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.tomorrowsdust.net"] [uri "/config/.env.local"] [unique_id "adbpA_Xx3tJPaUUPp4hg4QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 23:13:10
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 19:13:02.630032 2026] [security2:error] [pid 3926584:tid 3926584] [client 141.101.98.200:11388] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.correlationdesign.com"] [uri "/.env.dev"] [unique_id "adbg_rbOQUb2THnpbLDqigAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 21:58:17
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 17:58:10.575058 2026] [security2:error] [pid 2442086:tid 2442086] [client 141.101.98.200:10737] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.polymermembranes.com"] [uri "/.env.staging"] [unique_id "adbPcnUcrDi6K8w-ii87CgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 18:25:11
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 14:25:05.266667 2026] [security2:error] [pid 3023730:tid 3023730] [client 141.101.98.200:12021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.globalvillagecambodia.org"] [uri "/.env.local"] [unique_id "adadgU1RqCN3vZKsW9ZWmAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 11:27:53
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 07:27:47.292467 2026] [security2:error] [pid 2408035:tid 2408035] [client 141.101.98.200:11462] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.yongmeihu.com"] [uri "/.env.bak"] [unique_id "adY7s6BRVV473-_z7Xpe3wAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 09:44:27
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 05:44:21.296546 2026] [security2:error] [pid 2615817:tid 2615817] [client 141.101.98.200:9883] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.l39capital.com"] [uri "/.env_settings"] [unique_id "adYjdfk6SoNNcajWEs6ZjgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 09:23:27
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 05:23:03.522019 2026] [security2:error] [pid 2135940:tid 2135940] [client 141.101.98.200:10413] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.linuxforpoets.com"] [uri "/.env.local.backup"] [unique_id "adYedyME2gOYrZbziyrewQAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
sc user
2026-04-08 05:42:44
(3 months ago)
Fail2Ban nginx: repeated suspicious HTTP requests consistent with automated probing, scanning or bad ...
show more
Fail2Ban nginx: repeated suspicious HTTP requests consistent with automated probing, scanning or bad bot behaviour. Technical log details and local server identifiers intentionally omitted for privacy.
show less
Bad Web Bot
Web App Attack
Port Scan
๐บ๐ธ
TPI-Abuse
2026-04-08 04:25:26
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 00:25:02.427497 2026] [security2:error] [pid 1803349:tid 1803349] [client 141.101.98.200:13996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.sidsales.com"] [uri "/.env~"] [unique_id "adXYns764EKYVLlBrVp4AwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 04:08:13
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 00:08:02.232545 2026] [security2:error] [pid 1813211:tid 1813211] [client 141.101.98.200:10795] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.depololaw.com"] [uri "/.env.test"] [unique_id "adXUohxLo__5q6udx4TMMwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 00:03:25
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 20:03:15.327715 2026] [security2:error] [pid 2880021:tid 2880021] [client 141.101.98.200:13256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.estellenussbaum.com"] [uri "/.env.staging"] [unique_id "adWbQ_1uxdTo9hVdHScYCgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-07 23:25:31
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.98.200 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 19:25:16.749936 2026] [security2:error] [pid 1930417:tid 1930417] [client 141.101.98.200:12158] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gslministries.com"] [uri "/.env_settings"] [unique_id "adWSXMXjBb8lHxG_KT4T-AAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack