๐บ๐ธ
TPI-Abuse
2026-07-06 12:55:26
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 08:55:12.435149 2026] [security2:error] [pid 31337:tid 31337] [client 170.124.32.142:34615] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "verenacastle.com"] [uri "/.env.dev.local"] [unique_id "akulsHzt2P1TZU6HOyYCcQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 10:27:47
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 06:27:30.914177 2026] [security2:error] [pid 14733:tid 14733] [client 170.124.32.142:34059] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiyaplatform.com"] [uri "/.env.bak"] [unique_id "akuDEpnwN9Kl4pUIqlTwJwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 08:05:06
(2 days ago)
Web Clients HTTP URL JavaScript Function Cross-Site Scripting.
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 04:53:11
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 00:52:54.045760 2026] [security2:error] [pid 31862:tid 31862] [client 170.124.32.142:44869] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.caferutadelaseda.com"] [uri "/.env.prod"] [unique_id "aks0pq9O0cBpK8Mg8AU3qQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ป๐ณ
Xuan Can
2026-07-06 04:43:31
(2 days ago)
(mod_security) mod_security (id:1900947723) triggered by 170.124.32.142 (US/United States/-): 1 in t ...
show more
(mod_security) mod_security (id:1900947723) triggered by 170.124.32.142 (US/United States/-): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 11:43:26.053935 2026] [security2:error] [pid 17989:tid 18021] [client 170.124.32.142:0] ModSecurity: Access denied with code 403 (phase 1). String match "/phpmyadmin" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "60"] [id "1900947723"] [msg "Deny phpMyAdmin"] [hostname "www.sieuthimaychu.vn"] [uri "/phpmyadmin2/"] [unique_id "aksybhx5hdUxLCn4IRF_ywAAAAU"]
show less
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-05 23:17:30
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 19:17:06.611491 2026] [security2:error] [pid 11597:tid 11597] [client 170.124.32.142:45311] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coffeewitheinstein.com"] [uri "/.env.dev"] [unique_id "akrl8rrAe-f26F-ea6cW0gAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
conseilgouz
2026-07-05 22:57:36
(2 days ago)
upe-12 : Block return, carriage return, ... characters=>/index.php?option=com_content%27&view=ar ...
show more
upe-12 : Block return, carriage return, ... characters=>/index.php?option=com_content%27&view=article&id=43&catid=8100%100%CRITICAL(')
show less
Hacking
๐จ๐ญ
4server
2026-07-05 22:51:41
(2 days ago)
[MonJul0600:51:31.7430462026][security2:error][pid700949:tid701262][client170.124.32.142:0]ModSecuri ...
show more
[MonJul0600:51:31.7430462026][security2:error][pid700949:tid701262][client170.124.32.142:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"comarcosa.com\"][uri\"/.env.prod\"][unique_id\"akrf81zbYVy_0BkAvhU7GAAAAJY\"]
show less
Hacking
Web App Attack
๐ง๐ช
voormedia
2026-07-05 22:38:39
(2 days ago)
Accessed trap at '/.env'
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 22:03:15
(2 days ago)
(mod_security) mod_security (id:212620) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:212620) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 18:02:55.896725 2026] [security2:error] [pid 15871:tid 15871] [client 170.124.32.142:34949] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "3"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||hanabritgermanshepherds.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /index.php/component/content/article/index.php?option=com_content&view=article&id=23&catid=2'\\x22><script>alert(68752)</script>&itemid=116100\\x100%critical"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "hanabritgermanshepherds.com"] [uri "/index.php/component/content/article/index.php"] [unique_id "akrUjynrB7fmYgehLD4BLwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
bcsaba
2026-07-05 21:46:01
(2 days ago)
Probing for .env file:
170.124.32.142 - - [05/Jul/2026:23:45:59 +0200] "GET /.env.production HTTP/2. ...
show more
Probing for .env file:
170.124.32.142 - - [05/Jul/2026:23:45:59 +0200] "GET /.env.production HTTP/2.0" 403 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
RidgeStar
2026-07-05 21:02:22
(2 days ago)
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-05 20:46:23
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 170.124.32.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 16:46:12.468955 2026] [security2:error] [pid 13999:tid 14003] [client 170.124.32.142:33537] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "killerrockandroll.com"] [uri "/.env.dev.local"] [unique_id "akrClNuR1F7DDVVtw0B44gAAAEI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pltcldvlpr
2026-07-05 20:39:44
(2 days ago)
CMS/framework probe: 170.124.32.142 - - [05/Jul/2026:22:39:43 +0200] "GET /.env.dev.local HTTP/2.0" ...
show more
CMS/framework probe: 170.124.32.142 - - [05/Jul/2026:22:39:43 +0200] "GET /.env.dev.local HTTP/2.0" 404 10589 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" asn=6079 org="RCN" country=US
...
show less
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-05 20:29:19
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2
Exploited Host
Web App Attack