๐ฎ๐ฑ
spd.co.il
2026-07-08 19:01:40
(4 days ago)
Web application attack detected
Hacking
Web App Attack
๐ต๐ฑ
sefinek.net
2026-07-06 19:09:16
(6 days ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action: MANAGED_CHALLENGE | Protocol: HTTP/2 (GET ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action: MANAGED_CHALLENGE | Protocol: HTTP/2 (GET) | Endpoint: / | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-06 12:42:48
(6 days ago)
(mod_security) mod_security (id:212620) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:212620) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 08:42:34.422653 2026] [security2:error] [pid 25301:tid 25324] [client 170.124.32.137:35351] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||volcano-sa.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /products.php?catid=6&subcatid=4'\\x22><script>alert(68752)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "volcano-sa.com"] [uri "/products.php"] [unique_id "akuiulgari8m1H3oyqpZLgAAAVU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-07-06 11:13:56
(6 days ago)
(mod_security-custom) mod_security (id:210492) triggered by 170.124.32.137 (US/United States/Marylan ...
show more
(mod_security-custom) mod_security (id:210492) triggered by 170.124.32.137 (US/United States/Maryland/Lanham-Seabrook/-/[AS6079 RCN-AS]): 1 in the last 3600 secs (0-srv1)
show less
Hacking
๐จ๐ญ
backslash
2026-07-06 07:57:01
(6 days ago)
block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-06 04:53:10
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 00:52:54.065094 2026] [security2:error] [pid 747:tid 747] [client 170.124.32.137:58647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.caferutadelaseda.com"] [uri "/.env.development.local"] [unique_id "aks0pnrAkOAL80Bb6Jz1JwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 04:25:35
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 00:25:21.327102 2026] [security2:error] [pid 10103:tid 10103] [client 170.124.32.137:45211] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3905ccn.org"] [uri "/.env.production"] [unique_id "aksuMeaMyEy0U2Cwv_Wk8gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
conseilgouz
2026-07-06 00:25:15
(6 days ago)
upe-7 : Trying access unauthorized files/dir=>/wp-content/plugins/WordPressCore/
Hacking
๐จ๐ญ
4server
2026-07-05 22:48:20
(1 week ago)
[MonJul0600:48:07.8255322026][security2:error][pid670329:tid670482][client170.124.32.137:0]ModSecuri ...
show more
[MonJul0600:48:07.8255322026][security2:error][pid670329:tid670482][client170.124.32.137:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"whatsdecor.ch\"][uri\"/.env.production\"][unique_id\"akrfJ3pS0aVdpGTsKeAocgAAABU\"]
show less
Hacking
Web App Attack
๐ฉ๐ช
marten_o
2026-07-05 22:01:06
(1 week ago)
170.124.32.137 - - [06/Jul/2026:00:01:06 +0200] "GET /component/users/login.html?Itemid=101%27%22%3E ...
show more
170.124.32.137 - - [06/Jul/2026:00:01:06 +0200] "GET /component/users/login.html?Itemid=101%27%22%3E%3Cscript%3Ealert(68752)%3C/script%3E HTTP/2.0" 403 239 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" 423 370
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 21:53:23
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 17:53:06.283025 2026] [security2:error] [pid 16779:tid 16779] [client 170.124.32.137:54391] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "verenacastle.com"] [uri "/.env.prod.local"] [unique_id "akrSQugQGIEDqFtn_izSPwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
bcsaba
2026-07-05 21:46:00
(1 week ago)
Probing for .env file:
170.124.32.137 - - [05/Jul/2026:23:45:59 +0200] "GET /.env.development.local ...
show more
Probing for .env file:
170.124.32.137 - - [05/Jul/2026:23:45:59 +0200] "GET /.env.development.local HTTP/2.0" 403 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
RidgeStar
2026-07-05 21:25:03
(1 week ago)
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-05 21:20:33
(1 week ago)
(mod_security) mod_security (id:210381) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210381) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 17:20:19.257744 2026] [security2:error] [pid 14648:tid 14648] [client 170.124.32.137:50371] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||coffeewitheinstein.com|F|4"] [data "REQUEST_URI=/index.php?main_page=page&id=1100%90%CRITICAL"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "coffeewitheinstein.com"] [uri "/index.php"] [unique_id "akrKk7Ui-DjlrQ9SGk4gcAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 20:54:52
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 16:54:43.765331 2026] [security2:error] [pid 1862:tid 1862] [client 170.124.32.137:58131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "phuket-boatcharter.com"] [uri "/.env.bak"] [unique_id "akrEkweSGcvkS0HJFTB53gAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack