๐ฉ๐ช
XICTRON
2026-06-20 04:30:04
(2 weeks ago)
ModSecurity rule violation detected by Fail2Ban
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 03:11:00
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 23:10:56.776612 2026] [security2:error] [pid 4490:tid 4490] [client 2602:fb54:1a00::4b:49710] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "laecovillage.org"] [uri "/.env"] [unique_id "ajYEwOnD249MTOWImd5gxAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-06-20 02:03:00
(2 weeks ago)
IPBlock protected site ID [3390-wh].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 01:57:43
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 21:57:38.681624 2026] [security2:error] [pid 15149:tid 15149] [client 2602:fb54:1a00::4b:33292] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "goseethenurse.com"] [uri "/api/.env"] [unique_id "ajXzkpZ13E0RnqhtZPp2QgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
maxpower
2026-06-20 01:39:15
(2 weeks ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2602:fb54:1a00::4b (US/United States/-): ...
show more
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2602:fb54:1a00::4b (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2602:fb54:1a00::4b - - [20/Jun/2026:03:39:12 +0200] "GET /secrets.yml HTTP/2.0" 404 13323 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)" "2602:fb54:1a00::4b" host=centrolarca.eu
2602:fb54:1a00::4b - - [20/Jun/2026:03:39:12 +0200] "GET /.aws/credentials HTTP/2.0" 404 13323 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" "2602:fb54:1a00::4b" host=centrolarca.eu
show less
Port Scan
๐ซ๐ท
dynamix
2026-06-20 01:00:45
(2 weeks ago)
Multiple WAF Violations
Web App Attack
Anonymous
2026-06-20 00:37:20
(2 weeks ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-06-19 23:53:52
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:53:44.522871 2026] [security2:error] [pid 10193:tid 10193] [client 2602:fb54:1a00::4b:45328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vexxarr.com"] [uri "/backend/.env"] [unique_id "ajXWiAXu33xLoG9Ahn9RTQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Roderic
2026-06-19 23:50:09
(2 weeks ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted])
Bad Web Bot
๐ฉ๐ช
LRob
2026-06-19 23:15:03
(2 weeks ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-19 23:06:46
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:06:40.068885 2026] [security2:error] [pid 25685:tid 25685] [client 2602:fb54:1a00::4b:39570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vitalitywebb.com"] [uri "/.env.example"] [unique_id "ajXLgM_shtBmk1K9tqtkAQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-19 22:18:41
(2 weeks ago)
"GET /.aws/credentials HTTP/1.1"
Hacking
Web App Attack
๐บ๐ธ
horsemedia
2026-06-19 21:57:03
(2 weeks ago)
probing for exploits /.env, /.env.production, /.aws/credentials, /secrets.json
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 21:47:33
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2602:fb54:1a00::4b (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 17:47:23.084227 2026] [security2:error] [pid 31360:tid 31360] [client 2602:fb54:1a00::4b:45046] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.henhousebbq.com"] [uri "/.env.example"] [unique_id "ajW465tDlBqw3lfUV8uSAQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
alferez
2026-06-19 21:36:22
(2 weeks ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack