๐บ๐ธ
TPI-Abuse
2026-07-02 14:06:38
(1 week ago)
(mod_security) mod_security (id:949110) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:949110) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 10:06:31.934983 2026] [security2:error] [pid 2450:tid 2450] [client 172.71.164.68:12204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "qualiabookings.com"] [uri "/.git/config"] [unique_id "akZwZ0-Z37FtHc5RpvdkzQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 12:08:33
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 08:08:25.235330 2026] [security2:error] [pid 15692:tid 15692] [client 172.71.164.68:13062] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeffjastro.com"] [uri "/.git/config"] [unique_id "akZUuVnOx-dzl_EG0BBC1gAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 08:47:09
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 04:47:02.162687 2026] [security2:error] [pid 4271:tid 4271] [client 172.71.164.68:13681] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "495metro.com"] [uri "/.git/config"] [unique_id "akYlhjzITfep5rjT9z4W2gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 07:04:48
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:04:45.679251 2026] [security2:error] [pid 5668:tid 5668] [client 172.71.164.68:12951] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nwtree.com"] [uri "/.git/config"] [unique_id "akDHja5Wi7675MhEk8cJSwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 17:00:35
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 13:00:27.747006 2026] [security2:error] [pid 9715:tid 9740] [client 172.71.164.68:13972] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "accuball.com"] [uri "/.env.backup"] [unique_id "akABq4jMB8ZFw76iy81pPgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 12:28:04
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 08:27:59.251248 2026] [security2:error] [pid 26182:tid 26182] [client 172.71.164.68:13378] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fullyevil.com"] [uri "/.git/config"] [unique_id "ajU1zy19kzBjWH-_RibfvAAAAAQ"], referer: https://www.google.com/search?q=fullyevil.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-06-15 17:26:20
(3 weeks ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-11 04:09:35
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 00:09:32.030499 2026] [security2:error] [pid 7823:tid 7823] [client 172.71.164.68:12625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thedomainevaluator.com"] [uri "/.git/config"] [unique_id "aio0_NzJdAM5oegdColv9AAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Smish
2026-06-07 08:54:39
(1 month ago)
HONEYPOT HIT --> Fail2ban time=1780822479 log=2026-06-07T09:54:39+01:00 ip=172.71.164.68 host=vmhost ...
show more
HONEYPOT HIT --> Fail2ban time=1780822479 log=2026-06-07T09:54:39+01:00 ip=172.71.164.68 host=vmhost01.mci.as210667.net method=GET uri="/.env.old" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0" ref="-" rid=6c4e9740c89c7d26d4387371634c3392
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-06 23:03:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 19:03:32.391775 2026] [security2:error] [pid 29633:tid 29633] [client 172.71.164.68:12320] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.vespaitaliancafe.com"] [uri "/.git/config"] [unique_id "aiSnRIj9W3sAubOepgS6NQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
updown.io
2026-06-06 17:11:00
(1 month ago)
{"level":"info","ts":1780763618.5719802,"logger":"http.log.access.log1","msg":"handled request","req ...
show more
{"level":"info","ts":1780763618.5719802,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"172.71.164.68","remote_port":"13403","client_ip":"172.71.164.68","proto":"HTTP/2.0","method":"GET","host":"status.rosua.org","uri":"/core/static/config%2eenv","headers":{"X-Originating-Ip":["127.0.0.1"],"True-Client-Ip":["127.0.0.1"],"Accept-Language":["en-US,en;q=0.9"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Azure-Socketip":["127.0.0.1"],"Accept-Encoding":["gzip, br"],"Accept":["*/*"],"X-Forwared":["127.0.0.1"],"Cf-Ipcountry":["FR"],"Cdn-Loop":["cloudflare; loops=1"],"Cf-Ray":["a078d1e7ff25be96-FRA"],"X-Host":["127.0.0.1"],"X-Client-Ip":["127.0.0.1"],"X-Azure-Clientip":["127.0.0.1"],"X-Forwarded-For":["127.0.0.1,185.177.72.69"],"Cf-Connecting-Ip":["185.177.72.69"],"X-Forwarded-Proto":["https"],"User-Agent":["curl/8.7.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"status.rosua.org","ech":false}},"bytes_read":0,"user_id":""
...
show less
DDoS Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-05 17:25:03
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 13:24:55.369156 2026] [security2:error] [pid 5873:tid 5873] [client 172.71.164.68:11021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "champions-in-arms.com"] [uri "/.git/config"] [unique_id "aiMGZ1iojBl16mV_zGciGgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-04 09:41:38
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:41:33.149229 2026] [security2:error] [pid 30064:tid 30064] [client 172.71.164.68:9900] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "correlationdesign.com"] [uri "/.git/config"] [unique_id "aiFITddikGO8j6k84lxT9wAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-04 03:23:32
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:23:28.888023 2026] [security2:error] [pid 26220:tid 26220] [client 172.71.164.68:11447] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oceanrich.biz"] [uri "/.git/config"] [unique_id "aiDvsPe_0NjnY8iVXbADxwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 17:37:09
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:37:02.753680 2026] [security2:error] [pid 28314:tid 28492] [client 172.71.164.68:11185] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "totalbodycare753.com"] [uri "/.git/config"] [unique_id "ah8UvvBruJ24dtF7XHNaSAAAAgk"]
show less
Brute-Force
Bad Web Bot
Web App Attack