π«π·
Catalin Negru
2026-07-04 17:07:01
(4 hours ago)
2026-06-12 00:21:21,219 fail2ban.actions [2945670]: NOTICE [apache-security] Ban 2602:fb54:1 ...
show more
2026-06-12 00:21:21,219 fail2ban.actions [2945670]: NOTICE [apache-security] Ban 2602:fb54:1400::27
2026-06-12 00:21:21,377 fail2ban.actions [2945670]: NOTICE [apache-404] Ban 2602:fb54:1400::27
2026-06-12 00:21:21,393 fail2ban.actions [2945670]: NOTICE [apache-scan] Ban 2602:fb54:1400::27
2026-06-12 00:21:25,637 fail2ban.actions [2945670]: NOTICE [web-scanner] Ban 2602:fb54:1400::27
2026-06-12 00:21:27,167 fail2ban.actions [2945670]: NOTICE [laravel-auth] Ban 2602:fb54:1400::27
...
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-19 09:33:11
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::27 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::27 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 05:33:06.594089 2026] [security2:error] [pid 14125:tid 14125] [client 2602:fb54:1400::27:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.helpsavepets.org"] [uri "/.env.staging"] [unique_id "ajUM0r8I3ErX_uAvJrUNjwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
dbmwebdesign
2026-06-19 06:30:07
(2 weeks ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
π¦πΊ
aranguren.org
2026-06-19 06:07:21
(2 weeks ago)
2602:fb54:1400::27 - - [19/Jun/2026:16:07:21 +1000] "GET /sa-private-key.json HTTP/1.1" 404 993 "-" ...
show more
2602:fb54:1400::27 - - [19/Jun/2026:16:07:21 +1000] "GET /sa-private-key.json HTTP/1.1" 404 993 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:150.0) Gecko/20100101 Firefox/150.0"
2602:fb54:1400::27 - - [19/Jun/2026:16:07:21 +1000] "GET /sa-key.json HTTP/1.1" 404 993 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0"
2602:fb54:1400::27 - - [19/Jun/2026:16:07:21 +1000] "GET /config/gcp.json HTTP/1.1" 404 993 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
2602:fb54:1400::27 - - [19/Jun/2026:16:07:21 +1000] "GET /secrets/gcp-key.json HTTP/1.1" 404 993 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:150.0) Gecko/20100101 Firefox/150.0"
2602:fb54:1400::27 - - [19/Jun/2026:16:07:21 +1000] "GET /wp-content/debug.log HTTP/1.1" 404 993 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
2602:fb54:1400::27 - - [19/Jun/20
...
show less
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-19 05:55:19
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::27 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::27 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 01:55:11.621005 2026] [security2:error] [pid 23980:tid 23980] [client 2602:fb54:1400::27:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.theabstractpress.com"] [uri "/.env.development"] [unique_id "ajTZvx9etksikAIiILpOHAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πͺπΈ
alferez
2026-06-19 02:51:17
(2 weeks ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
π³π±
Savvii
2026-06-19 02:12:12
(2 weeks ago)
20 attempts against mh-misbehave-ban on chive
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Savvii
2026-06-18 23:47:02
(2 weeks ago)
20 attempts against mh-misbehave-ban on frost
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-18 14:33:07
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2602:fb54:1400::27 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2602:fb54:1400::27 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 10:33:01.543968 2026] [security2:error] [pid 12160:tid 12160] [client 2602:fb54:1400::27:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sportsbookcommission.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sportsbookcommission.com"] [uri "/wp-content/debug.log"] [unique_id "ajQBndA8S3_XlLI_yjqfOgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-06-18 12:04:59
(2 weeks ago)
Excessive multi-domain requests
Brute-Force
π«π·
dynamix
2026-06-18 11:12:57
(2 weeks ago)
Multiple WAF Violations
Web App Attack
π³π±
Savvii
2026-06-18 04:48:11
(2 weeks ago)
20 attempts against mh-misbehave-ban on pyrus
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
lespbaj
2026-06-18 01:42:58
(2 weeks ago)
{"time":"2026-06-18T01:42:56+00:00","ip":"2602:fb54:1400::27","method":"GET","uri":"/wp-content/debu ...
show more
{"time":"2026-06-18T01:42:56+00:00","ip":"2602:fb54:1400::27","method":"GET","uri":"/wp-content/debug.log","ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:150.0) Gecko/20100101 Firefox/150.0","referer":""}
...
show less
Bad Web Bot
Web App Attack
πΊπΈ
ipblock.com
2026-06-17 20:53:00
(2 weeks ago)
IPBlock protected site ID [4055-d][s=07].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
Anonymous
2026-06-17 17:36:33
(2 weeks ago)
Aggressive web scan
Bad Web Bot
Web App Attack