π³π±
Savvii
2025-10-02 05:19:57
(9 months ago)
20 attempts against mh-misbehave-ban on draco
Brute-Force
Bad Web Bot
Web App Attack
π³π±
jjnxpct
2025-10-02 03:45:07
(9 months ago)
Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ...
show more
Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /administrator/.env (Rule ID: 210492)
show less
Hacking
Web App Attack
π³π±
Site.eu
2025-10-02 02:33:15
(9 months ago)
Excessive multi-domain requests
Brute-Force
π¬π§
Apache
2025-10-01 17:46:30
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (CA/Canada/ec2-16-52-81-40.ca-centr ...
show more
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (CA/Canada/ec2-16-52-81-40.ca-central-1.compute.amazonaws.com): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2025-10-01 17:01:40
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compu ...
show more
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:01:35.968694 2025] [security2:error] [pid 547:tid 547] [client 16.52.81.40:41716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boilers.modelengines.info"] [uri "/.env"] [unique_id "aN1eby1tuAgPD1Ohup90QwAAAAA"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-10-01 11:05:02
(9 months ago)
Blocked: Reason='Vulnerability probing β PHP scan detected (30/60 min)'; Requests=30
Port Scan
πΊπΈ
TPI-Abuse
2025-10-01 08:59:11
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compu ...
show more
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 04:59:08.361390 2025] [security2:error] [pid 4079:tid 4079] [client 16.52.81.40:51850] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "indoorfreeflight.com"] [uri "/.env"] [unique_id "aNztXKOKduBAtm6ZOzAbQwAAAAQ"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-10-01 08:29:44
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compu ...
show more
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 04:29:33.582993 2025] [security2:error] [pid 28484:tid 28484] [client 16.52.81.40:46132] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "indieheaven.io"] [uri "/.env"] [unique_id "aNzmbZFl_Li5S-ZK0OxArAAAAAc"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
Asimar
2025-10-01 01:06:20
(9 months ago)
(mod_security) mod_security triggered on hostname [redacted] 16.52.81.40 (CA/Canada/ec2-16-52-81-40. ...
show more
(mod_security) mod_security triggered on hostname [redacted] 16.52.81.40 (CA/Canada/ec2-16-52-81-40.ca-central-1.compute.amazonaws.com): (CF_ENABLE)
show less
SQL Injection
π³π±
Arnold Maarten
2025-09-30 23:43:17
(9 months ago)
(mod_security) mod_security triggered on hostname [redacted] 16.52.81.40 (CA/Canada/ec2-16-52-81-40. ...
show more
(mod_security) mod_security triggered on hostname [redacted] 16.52.81.40 (CA/Canada/ec2-16-52-81-40.ca-central-1.compute.amazonaws.com)
show less
SQL Injection
Anonymous
2025-09-30 23:17:28
(9 months ago)
Multiple web server 400 error codes from same source ip
Web App Attack
πΊπΈ
TPI-Abuse
2025-09-30 22:59:20
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compu ...
show more
(mod_security) mod_security (id:210492) triggered by 16.52.81.40 (ec2-16-52-81-40.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 30 18:59:17.188109 2025] [security2:error] [pid 17458:tid 17483] [client 16.52.81.40:47898] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "colinkyffinmusic.com"] [uri "/.env"] [unique_id "aNxgxZMyi8ZNhQCsiNinKQAAAFc"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2025-09-30 21:14:40
(9 months ago)
Multiple WAF Violations
Web App Attack
π§πͺ
cmbplf
2025-09-30 20:31:57
(9 months ago)
1.481 requests with url.path *.env
Brute-Force
Bad Web Bot
Anonymous
2025-09-30 18:57:20
(9 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH