๐ฉ๐ช
pcpiefke
2026-07-03 12:32:16
(4 minutes ago)
(mod_security) mod_security triggered on hostname [redacted] 193.160.32.97 (US/United States/-)
SQL Injection
๐บ๐ธ
Carltonfsck
2026-07-03 12:29:31
(7 minutes ago)
193.160.32.97 - - [03/Jul/2026:12:29:27 +0000] "GET /flowise/api/v1/credentials HTTP/1.1" 404 49
193 ...
show more
193.160.32.97 - - [03/Jul/2026:12:29:27 +0000] "GET /flowise/api/v1/credentials HTTP/1.1" 404 49
193.160.32.97 - - [03/Jul/2026:12:29:30 +0000] "GET /config.json HTTP/1.1" 404 49
193.160.32.97 - - [03/Jul/2026:12:29:30 +0000] "GET /credentials.json HTTP/1.1" 404 49
...
show less
Hacking
Web App Attack
Anonymous
2026-07-03 12:06:08
(30 minutes ago)
193.160.32.97 - - [03/Jul/2026:14:05:58 +0200] "GET /flowise/api/v1/credentials HTTP/1.1" 404 498 "- ...
show more
193.160.32.97 - - [03/Jul/2026:14:05:58 +0200] "GET /flowise/api/v1/credentials HTTP/1.1" 404 498 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15"
193.160.32.97 - - [03/Jul/2026:14:06:00 +0200] "GET /api/credentials.json HTTP/1.1" 404 498 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
193.160.32.97 - - [03/Jul/2026:14:06:00 +0200] "GET /app/appsettings.json HTTP/1.1" 404 498 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15"
193.160.32.97 - - [03/Jul/2026:14:06:00 +0200] "GET /api/.env HTTP/1.1" 403 501 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
193.160.32.97 - - [03/Jul/2026:14:06:00 +0200] "GET /appsettings.json HTTP/1.1" 404 498 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gec
...
show less
DDoS Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 10:51:34
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:51:30.191958 2026] [security2:error] [pid 11878:tid 11878] [client 193.160.32.97:14876] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "central-wi-coal-sales.com"] [uri "/.env.copy"] [unique_id "akeUMqRNlD8_s_Ir4xcuEwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-07-03 09:53:19
(2 hours ago)
URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ...
show more
URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-stl2-13)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-03 09:37:48
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 05:37:45.322697 2026] [security2:error] [pid 12713:tid 12749] [client 193.160.32.97:53884] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.brydansales.com"] [uri "/.env.local~"] [unique_id "akeC6c7A_ewwRUX33PslsgAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Octopuce
2026-07-03 09:17:37
(3 hours ago)
Aggressive web search of vulnerable pages: /.env /secrets/service-account.json /secrets/gcp-key.json ...
show more
Aggressive web search of vulnerable pages: /.env /secrets/service-account.json /secrets/gcp-key.json /.env.local /api/.env ...
show less
Web App Attack
๐ฆ๐น
penguin-solutions.at
2026-07-03 09:11:23
(3 hours ago)
Excessive 403/404 errors
...
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 09:11:05
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 05:10:57.116436 2026] [security2:error] [pid 26471:tid 26471] [client 193.160.32.97:43194] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.nhgrange.org"] [uri "/.env.production.copy"] [unique_id "akd8oZ2KTniIzuGbSQdRJgAAAG4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-03 09:06:05
(3 hours ago)
Trying to access config files
Web App Attack
Anonymous
2026-07-03 09:01:14
(3 hours ago)
Multiple web server 400 error codes from same source ip
Web App Attack
Anonymous
2026-07-03 08:24:50
(4 hours ago)
Web App Attack
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-03 08:08:13
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 04:08:06.191427 2026] [security2:error] [pid 8493:tid 8493] [client 193.160.32.97:7074] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.infinite-a.com"] [uri "/.env.local.copy"] [unique_id "akdt5uOwZsERleAYVPm3gwAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 07:10:20
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 193.160.32.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 03:10:15.200160 2026] [security2:error] [pid 14333:tid 14333] [client 193.160.32.97:59192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frankklimas.com"] [uri "/.env.production.copy"] [unique_id "akdgV696g9dLbpE1pRzK3AAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-03 07:08:07
(5 hours ago)
Restricted File Access Attempt. Matched phrase "credentials.json" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack