π©πͺ
XICTRON
2026-06-08 05:40:07
(3 weeks ago)
ModSecurity rule violation detected by Fail2Ban
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 03:16:28
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 23:16:24.585074 2026] [security2:error] [pid 28151:tid 28151] [client 2a02:4780:3:577:0:1b48:cf02:1:26316] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pa-ksa.com"] [uri "/dev/.env"] [unique_id "aiY0CB7dO2mu0IKrqRVMFwAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 01:30:39
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:30:31.842705 2026] [security2:error] [pid 13822:tid 13822] [client 2a02:4780:3:577:0:1b48:cf02:1:38578] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shadowveil.io"] [uri "/.env"] [unique_id "aiYbN1fPKwPHxumKy7On4AAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 22:36:36
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:36:32.973451 2026] [security2:error] [pid 7267:tid 7267] [client 2a02:4780:3:577:0:1b48:cf02:1:65470] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "birdlovers.net"] [uri "/admin/.env"] [unique_id "aiXycMemp1ErTVan8rJ58wAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
homeshowdomain.nl
2026-06-07 22:07:24
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
πΊπΈ
TPI-Abuse
2026-06-07 21:23:18
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:23:11.674782 2026] [security2:error] [pid 3415:tid 3415] [client 2a02:4780:3:577:0:1b48:cf02:1:30640] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "monmouthcountydanceclasses.com"] [uri "/core/.env"] [unique_id "aiXhP2l2T2AaeO6wPhi7cAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¨π
4server
2026-06-07 18:23:16
(3 weeks ago)
[SunJun0720:23:10.5056032026][security2:error][pid217695:tid217878][client2a02:4780:3:577:0:1b48:cf0 ...
show more
[SunJun0720:23:10.5056032026][security2:error][pid217695:tid217878][client2a02:4780:3:577:0:1b48:cf02:1:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"ticino-host.ch\"][uri\"/admin/.env\"][unique_id\"aiW3DiP6-NMLP8TUrvnregAAAIc\"]
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 15:25:36
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:25:31.557773 2026] [security2:error] [pid 11791:tid 11791] [client 2a02:4780:3:577:0:1b48:cf02:1:36342] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "insearchofacure.org"] [uri "/backend/.env"] [unique_id "aiWNa1GZFxYeGB54QePrJwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-06-07 15:15:24
(3 weeks ago)
Excessive multi-domain requests
Brute-Force
πΊπΈ
TPI-Abuse
2026-06-07 12:48:05
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:48:00.247233 2026] [security2:error] [pid 3979:tid 3979] [client 2a02:4780:3:577:0:1b48:cf02:1:36842] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kajota.com"] [uri "/app/.env"] [unique_id "aiVogA-qzYqQkMdw9at7OwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
4server
2026-06-07 12:28:56
(3 weeks ago)
[SunJun0714:28:54.8470942026][security2:error][pid3820225:tid3820299][client2a02:4780:3:577:0:1b48:c ...
show more
[SunJun0714:28:54.8470942026][security2:error][pid3820225:tid3820299][client2a02:4780:3:577:0:1b48:cf02:1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"prstartup.ch\"][uri\"/app/.env\"][unique_id\"aiVkBr0wNIHM1xw3I-o4PwAAAII\"]
show less
Port Scan
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 11:59:17
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 07:59:14.554383 2026] [security2:error] [pid 19928:tid 19928] [client 2a02:4780:3:577:0:1b48:cf02:1:49256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kozyramodularhomebuilder.com"] [uri "/laravel/.env"] [unique_id "aiVdEto4QsGMgBeurS8IUAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 11:31:32
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 07:31:27.641627 2026] [security2:error] [pid 27909:tid 27909] [client 2a02:4780:3:577:0:1b48:cf02:1:48698] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "travelsupersonic.com"] [uri "/dev/.env"] [unique_id "aiVWjzIoaMxlLFLPGukRUQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 11:12:59
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 07:12:56.511019 2026] [security2:error] [pid 3733:tid 3733] [client 2a02:4780:3:577:0:1b48:cf02:1:54022] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sjjcox.com"] [uri "/app/.env"] [unique_id "aiVSOKOwBSnBByWZx4g3lQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 08:18:27
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:3:577:0:1b48:cf02:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 04:18:21.105316 2026] [security2:error] [pid 16580:tid 16580] [client 2a02:4780:3:577:0:1b48:cf02:1:35958] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jenricker.com"] [uri "/laravel/.env"] [unique_id "aiUpTVyEJwMXh01B5nishwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack