πΊπΈ
TPI-Abuse
2026-07-17 11:21:22
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:21:15.831400 2026] [security2:error] [pid 743446:tid 743446] [client 23.27.124.134:36666] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "agapeaccounting.com"] [uri "/.env.backup"] [unique_id "aloQKz6TnRf_Cc7HJBSUKQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-17 10:07:53
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:07:49.730915 2026] [security2:error] [pid 793914:tid 793929] [client 23.27.124.134:41986] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.degreesoflove.com.teritemme.com"] [uri "/.env.local"] [unique_id "aln-9ZHyzoPc446I6_YcggAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-17 08:30:07
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:30:01.462206 2026] [security2:error] [pid 514110:tid 514110] [client 23.27.124.134:53648] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.valuerec.jmarkcapital.com"] [uri "/.env.dev"] [unique_id "alnoCbCrwNAG2h12cyAg3gAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-17 07:53:47
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:53:41.929855 2026] [security2:error] [pid 406997:tid 406997] [client 23.27.124.134:34398] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "armstrongpartnersllc.com"] [uri "/.env.dev"] [unique_id "alnfhb84ESRQjuzLbq8Q9AAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
ger-stg-sifi1
2026-07-17 07:51:02
(11 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-17 07:21:26
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:21:20.227723 2026] [security2:error] [pid 432397:tid 432397] [client 23.27.124.134:57876] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.webjemm.jen-eric.com"] [uri "/.env"] [unique_id "alnX8OuAFc_nNVgbFbrMhQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-17 06:58:23
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:58:16.736554 2026] [security2:error] [pid 8866:tid 8866] [client 23.27.124.134:34236] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "advantageinvestigation.com"] [uri "/.env.local"] [unique_id "alnSiNjxN3xtyhk1X72gbQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
COMAITE
2026-07-17 06:57:44
(12 hours ago)
Suspicious URL access.
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-17 05:51:57
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:51:53.253564 2026] [security2:error] [pid 300220:tid 300220] [client 23.27.124.134:57384] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "w-c-p-m.com"] [uri "/.env.example"] [unique_id "alnC-Ruq8vcqBG97UUHnigAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
masterguru
2026-07-17 05:39:48
(13 hours ago)
URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ...
show more
URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-193)
show less
Hacking
π«π·
UnixPrime
2026-07-17 04:38:49
(14 hours ago)
23.27.124.134 - - [17/Jul/2026:06:38:48 +0200] "GET /backup/.env HTTP/1.1" 404 14027 "-" "Mozilla/5. ...
show more
23.27.124.134 - - [17/Jul/2026:06:38:48 +0200] "GET /backup/.env HTTP/1.1" 404 14027 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
23.27.124.134 - - [17/Jul/2026:06:38:49 +0200] "GET /backups/.env HTTP/1.1" 404 14028 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Bad Web Bot
Web App Attack
πͺπΈ
masterguru
2026-07-17 02:52:41
(16 hours ago)
Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110- ...
show more
Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110-122)
show less
Hacking
πΊπΈ
TPI-Abuse
2026-07-17 02:48:54
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 23.27.124.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:48:49.130822 2026] [security2:error] [pid 26977:tid 26977] [client 23.27.124.134:36492] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.statevictoryfund.progressivefileshare.org"] [uri "/.env.production"] [unique_id "almYEV6TCHuNBUY9HpF6fAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π΅π±
lns.bz
2026-07-17 02:31:41
(17 hours ago)
Web app attack [PL.Lu]
Exploited Host
Web App Attack
π·πΊ
DZBOT
2026-07-17 01:23:57
(18 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack