๐ฉ๐ช
4server
2026-06-08 04:30:16
(3 weeks ago)
[MonJun0806:30:10.8115342026][security2:error][pid640965:tid641123][client2a02:4780:11:1930:0:259e:c ...
show more
[MonJun0806:30:10.8115342026][security2:error][pid640965:tid641123][client2a02:4780:11:1930:0:259e:c615:1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"essesolution.ch\"][uri\"/api/.env\"][unique_id\"aiZFUvHhiMhksgDBMp9BHwAAANc\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 01:21:16
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:21:13.159011 2026] [security2:error] [pid 30072:tid 30072] [client 2a02:4780:11:1930:0:259e:c615:1:53334] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "winestoria.com"] [uri "/.env"] [unique_id "aiYZCdAksOgzdy25FfqKfQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-07 22:07:55
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-07 20:49:26
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:49:19.861012 2026] [security2:error] [pid 7203:tid 7203] [client 2a02:4780:11:1930:0:259e:c615:1:42262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "charmainecruz.com"] [uri "/backend/.env"] [unique_id "aiXZT082EtcO16IO4Ca-PwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
BlueWire Hosting
2026-06-07 20:43:35
(3 weeks ago)
Probing websites for vulnerabilities
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 20:14:52
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:14:48.758657 2026] [security2:error] [pid 22551:tid 22551] [client 2a02:4780:11:1930:0:259e:c615:1:55270] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "creertest.com"] [uri "/laravel/.env"] [unique_id "aiXROEr7SNF_r4bxFXSRHwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-07 18:15:04
(3 weeks ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-07 17:58:31
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:58:28.356947 2026] [security2:error] [pid 24752:tid 24752] [client 2a02:4780:11:1930:0:259e:c615:1:39940] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ssl-grp.com"] [uri "/admin/.env"] [unique_id "aiWxRACSLGOvJPG1NfUNiwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 17:18:17
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:18:09.621608 2026] [security2:error] [pid 4303:tid 4303] [client 2a02:4780:11:1930:0:259e:c615:1:23398] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "getpic.com"] [uri "/admin/.env"] [unique_id "aiWn0a9OxTx3az36ppguCgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 16:11:10
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:11:06.649297 2026] [security2:error] [pid 32511:tid 32511] [client 2a02:4780:11:1930:0:259e:c615:1:38598] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "photospecialties.net"] [uri "/.env"] [unique_id "aiWYGqMG9XlpL9rKu66sDwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 15:35:28
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:35:23.864248 2026] [security2:error] [pid 6409:tid 6416] [client 2a02:4780:11:1930:0:259e:c615:1:30992] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "echrony.com"] [uri "/laravel/.env"] [unique_id "aiWPuzOv53ixdCI3TuZtTwAAAUQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
2000cn.com.au
2026-06-07 15:25:40
(4 weeks ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-07 15:20:28
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:20:20.543867 2026] [security2:error] [pid 15834:tid 15834] [client 2a02:4780:11:1930:0:259e:c615:1:17996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cwidisplays.com"] [uri "/laravel/.env"] [unique_id "aiWMNE205o5Amq0t70SFqgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-07 13:31:26
(4 weeks ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 12:15:24
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1930:0:259e:c615:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:15:18.002574 2026] [security2:error] [pid 13038:tid 13038] [client 2a02:4780:11:1930:0:259e:c615:1:41594] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kmichaelbabcock.com"] [uri "/core/.env"] [unique_id "aiVg1sqYvcbAi6giVrkohAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack