๐บ๐ธ
rwgomes
2026-07-03 16:00:01
(1 hour ago)
Automated report from Intelligence Finance Tools. IP probed malicious path: /vendor/phpunit/phpunit/ ...
show more
Automated report from Intelligence Finance Tools. IP probed malicious path: /vendor/phpunit/phpunit/phpunit.xsd. No such resource exists on this server.
show less
Web App Attack
Hacking
๐จ๐ฆ
internetworld
2026-07-03 13:30:50
(3 hours ago)
internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from interne ...
show more
internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from internetworld.ca server security monitoring.
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 12:25:13
(4 hours ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 08:24:59.309246 2026] [security2:error] [pid 7326:tid 7326] [client 155.2.216.28:36185] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||vaxd.org|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vaxd.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akeqG7ofrAGWEh1Sd1Y8VwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 10:51:18
(6 hours ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:51:11.585326 2026] [security2:error] [pid 14962:tid 15009] [client 155.2.216.28:26855] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.docdalton.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.docdalton.com"] [uri "/team.html/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "akeUH-Uaa_0tprgyA3JZWQAAAEw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
SentinalX by uzumaru
2026-07-02 07:40:29
(1 day ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: icanhazip.com:443
show less
Open Proxy
Port Scan
๐ฉ๐ช
FeG Deutschland
2026-06-20 17:13:23
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ฏ๐ต
demonsword
2026-06-19 12:25:46
(2 weeks ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.ipify.org:443
show less
Open Proxy
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-06 07:45:04
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 03:44:58.617264 2026] [security2:error] [pid 25167:tid 25167] [client 155.2.216.28:40067] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.wavecomputers.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.wavecomputers.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aiPP-oepLr4XcDYEMIfWqQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-24 14:14:23
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 10:14:16.521881 2026] [security2:error] [pid 26070:tid 26078] [client 155.2.216.28:36627] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newyorkgazette.com"] [uri "/.env"] [unique_id "ahMHuMsCHxypWDJQmvXcnwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
SentinalX by uzumaru
2026-05-22 04:39:50
(1 month ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ifconfig.me:443
show less
Open Proxy
Port Scan
๐ฑ๐ป
garmtech.com
2026-05-21 09:30:16
(1 month ago)
IM360 WAF: Laravel Apps Leaking Secrets exploit attempt MV:androxgh0st
Web App Attack
๐ฑ๐ป
garmtech.com
2026-05-21 03:40:10
(1 month ago)
IM360 WAF: Direct access to sensitive file or dotfile MV:/.env
Web App Attack
๐บ๐ธ
Lee Daniel
2026-05-15 22:54:41
(1 month ago)
155.2.216.28 - - [15/May/2026:18:54:41 -0400] "GET /.env HTTP/1.1" 403 0 "-" "-"
...
DDoS Attack
Web Spam
Email Spam
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-14 10:24:53
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 06:24:46.251705 2026] [security2:error] [pid 25089:tid 25089] [client 155.2.216.28:23135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sargous.com"] [uri "/.env"] [unique_id "agWi7uXfo53mb1YiFLcAXgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-14 07:43:02
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 155.2.216.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 03:42:58.469695 2026] [security2:error] [pid 22596:tid 22596] [client 155.2.216.28:32523] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davidnevueconcerts.com"] [uri "/.env"] [unique_id "agV9Ape2pa8rnOdW9uy8gAAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack