๐บ๐ธ
mw
2026-07-18 00:20:19
(21 hours ago)
GET /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd HTTP/1.1
Web App Attack
๐จ๐ญ
Kepler-1649c
2026-07-17 22:05:20
(23 hours ago)
Detected Attack: SolarWinds.WHD.Hardcoded.Credential.Authentication.Bypass
Hacking
๐ท๐บ
DZBOT
2026-07-17 17:40:59
(1 day ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-17 17:32:00
(1 day ago)
IPBlock protected site ID [4055-d][s=07].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 17:03:44
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 13:03:36.769888 2026] [security2:error] [pid 12998:tid 12998] [client 197.0.128.160:16827] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||thecrimsonpirate.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thecrimsonpirate.com"] [uri "/backupsettings.dat"] [unique_id "alpgaEtNitsYFB_7Uw5UugAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
nyt
2026-07-17 15:35:15
(1 day ago)
CGI Probe
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-17 15:04:13
(1 day ago)
197.0.128.160 - - [17/Jul/2026:18:04:11 +0300] "GET /wp-content/uploads/wp-clone/wpclone_backup/data ...
show more
197.0.128.160 - - [17/Jul/2026:18:04:11 +0300] "GET /wp-content/uploads/wp-clone/wpclone_backup/database.sql HTTP/1.1" 404 4647 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_6_6; de) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.2 Safari/605.1.15"
197.0.128.160 - - [17/Jul/2026:18:04:12 +0300] "GET /wp-content/plugins/export-wp-page-to-static-html/README.txt HTTP/1.1" 404 729 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐จ๐ญ
backslash
2026-07-17 15:03:00
(1 day ago)
block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68
Bad Web Bot
๐ฌ๐ง
consul.to
2026-07-17 14:19:07
(1 day ago)
Web attack/malicious scanning detected
Web App Attack
๐บ๐ธ
rdpguard.com
2026-07-17 13:55:06
(1 day ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-17 13:10:21
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:10:15.735040 2026] [security2:error] [pid 32760:tid 32760] [client 197.0.128.160:20889] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||danzadance.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "danzadance.org"] [uri "/wp-content/uploads/wp-clone/wpclone_backup/database.sql"] [unique_id "alopt-pYXqh0YPMUSh_t3wAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:25:51
(1 day ago)
(mod_security) mod_security (id:211190) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:25:44.100100 2026] [security2:error] [pid 29422:tid 29504] [client 197.0.128.160:58079] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||liquido.cocoonprojects.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/cgiServer.exx?download=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "liquido.cocoonprojects.com"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "alofSOGby-8CJdfIVr_UZwAAAgA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-07-17 11:55:53
(1 day ago)
(modsecurity) srv103 ModSecurity 197.0.128.160 (TN/Tunisia/-): 10 in the last 3600 secs; Ports: *; D ...
show more
(modsecurity) srv103 ModSecurity 197.0.128.160 (TN/Tunisia/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ซ๐ท
dynamix
2026-07-17 11:35:16
(1 day ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:27:10
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 197.0.128.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:27:04.018041 2026] [security2:error] [pid 13251:tid 13251] [client 197.0.128.160:17487] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jamesrobertparish.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jamesrobertparish.com"] [uri "/backupsettings.dat"] [unique_id "aloRiI_-nX0nOKTeqCGGSwAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack