Anonymous
2026-07-01 04:34:50
(5 days ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐ณ๐ฑ
homeshowdomain.nl
2026-06-09 21:59:04
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-08.
show less
Web App Attack
SSH
Hacking
๐ซ๐ท
Baking333
2026-06-08 13:45:27
(4 weeks ago)
[redacted] 2a02:4780:b:839:0:3898:e879:1 - - [08/Jun/2026:14:45:26 +0100] "GET /core/.env HTTP/1.1" ...
show more
[redacted] 2a02:4780:b:839:0:3898:e879:1 - - [08/Jun/2026:14:45:26 +0100] "GET /core/.env HTTP/1.1" 302 5288 0/44838 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" [redacted] 2a02:4780:b:839:0:3898:e879:1 - - [08/Jun/2026:14:45:26 +0100] "GET /.env HTTP/1.1" 302 5288 0/74633 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 09:55:23
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:55:18.783916 2026] [security2:error] [pid 20080:tid 20080] [client 2a02:4780:b:839:0:3898:e879:1:55580] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirkrmartin.com"] [uri "/app/.env"] [unique_id "aiaRhm-qSsMEhvYOqEqFGgAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-06-08 06:16:39
(4 weeks ago)
Probing websites for vulnerabilities
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-06-08 05:37:44
(4 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 04:59:45
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 00:59:40.981378 2026] [security2:error] [pid 6453:tid 6453] [client 2a02:4780:b:839:0:3898:e879:1:58488] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lambert-heating-and-air.com"] [uri "/.env"] [unique_id "aiZMPOoAuJLIfTLxBVQ29QAAAFc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-08 04:09:01
(4 weeks ago)
Multiple WAF Violations
Web App Attack
๐ฉ๐ช
4server
2026-06-08 02:44:07
(4 weeks ago)
[MonJun0804:44:05.6017282026][security2:error][pid530746:tid530855][client2a02:4780:b:839:0:3898:e87 ...
show more
[MonJun0804:44:05.6017282026][security2:error][pid530746:tid530855][client2a02:4780:b:839:0:3898:e879:1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"allegraravizza.it\"][uri\"/core/.env\"][unique_id\"aiYsdfMzI-WV7yGmOyMg3wAAAMk\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 00:49:25
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:49:14.668885 2026] [security2:error] [pid 27295:tid 27295] [client 2a02:4780:b:839:0:3898:e879:1:18870] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uraniumjewelry.com"] [uri "/backend/.env"] [unique_id "aiYRiubg43eECIaVTjQycQAAADw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 23:10:40
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 19:10:34.438824 2026] [security2:error] [pid 9124:tid 9124] [client 2a02:4780:b:839:0:3898:e879:1:23654] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "herston.net"] [uri "/core/.env"] [unique_id "aiX6al70Tvlec4uBC7sduAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 18:30:47
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 14:30:39.687567 2026] [security2:error] [pid 5979:tid 5979] [client 2a02:4780:b:839:0:3898:e879:1:47440] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richmondrents.com"] [uri "/api/.env"] [unique_id "aiW4zxmqV9uyid2LFhe9ywAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 18:00:52
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 14:00:49.874816 2026] [security2:error] [pid 32647:tid 32647] [client 2a02:4780:b:839:0:3898:e879:1:20510] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "justkoolit.com"] [uri "/app/.env"] [unique_id "aiWx0fpyB7cr1RU4rH7G2AAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-07 15:47:01
(4 weeks ago)
Try to access /core/.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 12:57:33
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:839:0:3898:e879:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:57:26.215552 2026] [security2:error] [pid 21061:tid 21061] [client 2a02:4780:b:839:0:3898:e879:1:34456] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chefmarcelcooks.com"] [uri "/admin/.env"] [unique_id "aiVqtv8zpTfv6U8wY078rgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack