๐ฉ๐ช
ghostwarriors
2026-06-08 10:20:11
(4 weeks ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ksol-hostmaster
2026-06-08 10:02:15
(4 weeks ago)
2026/06/08 12:02:15 [error] 43188#179438: *2161181 access forbidden by rule, client: 2a02:4780:a:212 ...
show more
2026/06/08 12:02:15 [error] 43188#179438: *2161181 access forbidden by rule, client: 2a02:4780:a:2127:0:1ca4:5ab6:1, server: revolutionbim.com, request: "GET /dev/.env HTTP/1.1", host: "revolutionbim.com"
...
show less
Web Spam
๐บ๐ธ
TPI-Abuse
2026-06-08 06:32:44
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:32:31.160012 2026] [security2:error] [pid 5209:tid 5209] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:51438] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kontikimotorcycles.com"] [uri "/.env"] [unique_id "aiZh_1Y6VQx28Y9i_lDRYgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Aetherweb Ark
2026-06-08 05:29:03
(4 weeks ago)
(mod_security) mod_security (id:949110) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): N in ...
show more
(mod_security) mod_security (id:949110) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): N in the last X secs
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 05:18:01
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:17:54.335696 2026] [security2:error] [pid 6140:tid 6140] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:28464] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aykuatelier.com"] [uri "/.env"] [unique_id "aiZQghKGlFDsVIsE511fGwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 02:55:58
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:55:52.184089 2026] [security2:error] [pid 32636:tid 32636] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:44202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftwwx.com"] [uri "/admin/.env"] [unique_id "aiYvOEIqsmR4OajPRsrdmgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 00:33:15
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:33:10.034962 2026] [security2:error] [pid 17971:tid 17971] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:50784] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "infinitynull.net"] [uri "/admin/.env"] [unique_id "aiYNxp2nI20ojQ_-SUzTFgAAADc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-08 00:31:20
(1 month ago)
[MonJun0802:31:17.2501782026][security2:error][pid381634:tid381769][client2a02:4780:a:2127:0:1ca4:5a ...
show more
[MonJun0802:31:17.2501782026][security2:error][pid381634:tid381769][client2a02:4780:a:2127:0:1ca4:5ab6:1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"tecnospinasagl.ch\"][uri\"/dev/.env\"][unique_id\"aiYNVRtdiGK4a8QFsdi8yAAAAQw\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 23:21:21
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 19:21:16.061434 2026] [security2:error] [pid 495:tid 495] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:27296] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "circle-h-growers.com"] [uri "/dev/.env"] [unique_id "aiX87HBEgNAX3DVbl0QyagAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-07 23:00:10
(1 month ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-07 22:39:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:39:31.297943 2026] [security2:error] [pid 5125:tid 5125] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:24398] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teenybikini.com"] [uri "/member/.env"] [unique_id "aiXzI0Xb-2tY-plj_547ZAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 22:05:21
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:05:14.827862 2026] [security2:error] [pid 1480:tid 1480] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:26624] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seshetmusic.com"] [uri "/app/.env"] [unique_id "aiXrGqjM6-GhR-aWj046fQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-07 22:03:16
(1 month ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
๐ซ๐ท
dynamix
2026-06-07 21:00:36
(1 month ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 20:48:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2127:0:1ca4:5ab6:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:48:51.718283 2026] [security2:error] [pid 10003:tid 10003] [client 2a02:4780:a:2127:0:1ca4:5ab6:1:61562] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joshuashands.org"] [uri "/dev/.env"] [unique_id "aiXZMwnjpgxrasg-L-EtFAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack