๐ฉ๐ช
Bedios GmbH
2026-07-06 13:22:42
(19 hours ago)
Login credentials theft attempt
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-06 13:17:38
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 09:17:23.392670 2026] [security2:error] [pid 8526:tid 8533] [client 170.124.32.134:52005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "volcano-sa.com"] [uri "/.env.production"] [unique_id "akuq4wn6td7jH0ZUN_5bnQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
KIDOS
2026-07-06 12:19:40
(20 hours ago)
malicious activity
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-07-06 11:13:55
(21 hours ago)
(mod_security-custom) mod_security (id:210492) triggered by 170.124.32.134 (US/United States/Marylan ...
show more
(mod_security-custom) mod_security (id:210492) triggered by 170.124.32.134 (US/United States/Maryland/Lanham-Seabrook/-/[AS6079 RCN-AS]): 1 in the last 3600 secs (0-srv1)
show less
Hacking
Anonymous
2026-07-06 08:05:36
(1 day ago)
Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=5
Hacking
๐บ๐ธ
RidgeStar
2026-07-06 00:41:53
(1 day ago)
2026-07-01T18:27:59-07:00: 0'"><script>alert(68752)</script>
2026-07-01T17: ...
show more
2026-07-01T18:27:59-07:00: 0'"><script>alert(68752)</script>
2026-07-01T17:22:38-07:00: 0'"><script>alert(68752)</script>
show less
Port Scan
Hacking
๐จ๐ญ
4server
2026-07-05 22:51:44
(1 day ago)
[MonJul0600:51:31.6984062026][security2:error][pid700954:tid701320][client170.124.32.134:0]ModSecuri ...
show more
[MonJul0600:51:31.6984062026][security2:error][pid700954:tid701320][client170.124.32.134:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"comarcosa.com\"][uri\"/.env.bak\"][unique_id\"akrf8x5mb2SE-AMwmf4YiwAAAZI\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 22:03:16
(1 day ago)
(mod_security) mod_security (id:210381) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210381) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 18:02:52.477110 2026] [security2:error] [pid 8672:tid 8672] [client 170.124.32.134:55159] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||hanabritgermanshepherds.com|F|4"] [data "REQUEST_URI=/index.php/component/content/article/index.php?option=com_content&view=article%27&id=23&catid=2&Itemid=116100%100%CRITICAL"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "hanabritgermanshepherds.com"] [uri "/index.php/component/content/article/index.php"] [unique_id "akrUjA8TEzYI7tycuW23lwAAAC0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
bcsaba
2026-07-05 21:45:59
(1 day ago)
Probing for .env file:
170.124.32.134 - - [05/Jul/2026:23:45:59 +0200] "GET /.env.dev.local HTTP/2.0 ...
show more
Probing for .env file:
170.124.32.134 - - [05/Jul/2026:23:45:59 +0200] "GET /.env.dev.local HTTP/2.0" 403 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
nyt
2026-07-05 21:31:36
(1 day ago)
XSS
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 21:18:44
(1 day ago)
(mod_security) mod_security (id:212620) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:212620) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 17:18:38.098353 2026] [security2:error] [pid 16032:tid 16032] [client 170.124.32.134:33507] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||verenacastle.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /g12cartcontents.php?fromwhere=g12generic.php&fromwhat=itemdetail&itemid=100'\\x22><script>alert(68752)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "verenacastle.com"] [uri "/g12cartcontents.php"] [unique_id "akrKLhegQwYjMiXmabYn0QAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-05 20:48:47
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 20:46:12
(1 day ago)
(mod_security) mod_security (id:212620) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:212620) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 16:45:57.572681 2026] [security2:error] [pid 13999:tid 14008] [client 170.124.32.134:36781] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.aapm.info|F|2"] [data "Matched Data: <script found within REQUEST_URI: /publicationd61c.html?id=5'\\x22><script>alert(68752)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.aapm.info"] [uri "/publicationd61c.html"] [unique_id "akrChduR1F7DDVVtw0B4iwAAAEc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
nyt
2026-07-05 20:20:17
(1 day ago)
Sensitive File Probe, DB Admin Probe
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 20:01:25
(1 day ago)
(mod_security) mod_security (id:212620) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:212620) triggered by 170.124.32.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 16:01:12.301241 2026] [security2:error] [pid 13635:tid 13635] [client 170.124.32.134:44853] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.christineohlman.net|F|2"] [data "Matched Data: <script found within REQUEST_URI: /?ref=ruralintelligence.com'\\x22><script>alert(68752)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.christineohlman.net"] [uri "/"] [unique_id "akq4CP4ZCxyZO5j_gTrwVQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack