πΊπΈ
TPI-Abuse
2026-07-05 02:39:00
(49 minutes ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 22:38:54.534774 2026] [security2:error] [pid 30085:tid 30091] [client 2a04:c300:400::15c:27182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.ayubhamdardfoundation.org"] [uri "/.env.dev"] [unique_id "aknDvjvNeyP1fZDRUSWhbgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Roderic
2026-07-05 00:28:24
(3 hours ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection
πΊπΈ
TPI-Abuse
2026-07-04 23:17:19
(4 hours ago)
(mod_security) mod_security (id:949110) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:949110) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 19:17:11.930181 2026] [security2:error] [pid 9319:tid 9319] [client 2a04:c300:400::15c:59444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.bluerockdragon.com"] [uri "/.env.old"] [unique_id "akmUd_6uP-MsTsPjorDQxQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 22:50:45
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 18:50:41.489377 2026] [security2:error] [pid 29552:tid 29552] [client 2a04:c300:400::15c:14260] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.herecometheplanes.com"] [uri "/.env.dev"] [unique_id "akmOQcQu2pWFIm8WwnHBlQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
chronos
2026-07-04 22:25:06
(5 hours ago)
[AUTORAVALT][[04/07/2026 - 19:25:05 -03:00 UTC]
Attack from [2a04:c300:400::15c] Action: BLocKed
Ha ...
show more
[AUTORAVALT][[04/07/2026 - 19:25:05 -03:00 UTC]
Attack from [2a04:c300:400::15c] Action: BLocKed
Hacking... Unauthorized attempts to access the server.
Web App Attack -> Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions.
]
...
show less
Hacking
Web App Attack
π³π±
Mangelot Hosting
2026-07-04 22:15:48
(5 hours ago)
(modsecurity) srv101 ModSecurity 2a04:c300:400::15c (DE/Germany/-): 10 in the last 3600 secs; Ports: ...
show more
(modsecurity) srv101 ModSecurity 2a04:c300:400::15c (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 21:46:44
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 17:46:40.601509 2026] [security2:error] [pid 25311:tid 25311] [client 2a04:c300:400::15c:29278] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pocosfarm.com"] [uri "/.env.prod"] [unique_id "akl_QMYahpPWJBaseKzRuQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 21:21:03
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 17:20:56.425987 2026] [security2:error] [pid 17766:tid 17766] [client 2a04:c300:400::15c:59650] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.lamariposagallery.com"] [uri "/.env.dev"] [unique_id "akl5ONV9kZwoaPgV_xWjUQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
gadix
2026-07-04 20:55:53
(6 hours ago)
[04/Jul/2026:22:55:52.181561 +0200] aklzWBykQx27Sp6meJnyrAAAAJU 2a04:c300:400::15c 41750 127.0.0.1 7 ...
show more
[04/Jul/2026:22:55:52.181561 +0200] aklzWBykQx27Sp6meJnyrAAAAJU 2a04:c300:400::15c 41750 127.0.0.1 7081
[04/Jul/2026:22:55:52.200157 +0200] aklzWBykQx27Sp6meJnyrgAAAJA 2a04:c300:400::15c 41814 127.0.0.1 7081
[04/Jul/2026:22:55:52.214130 +0200] aklzWNEncfRYmIvJXRJ6WAAAAA8 2a04:c300:400::15c 41900 127.0.0.1 7081
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 20:44:12
(6 hours ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 16:44:07.572243 2026] [security2:error] [pid 3102:tid 3102] [client 2a04:c300:400::15c:23764] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.wintercypher.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.wintercypher.com"] [uri "/wp-content/debug.log"] [unique_id "aklwl5v3XYPZBjrAt761hgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-04 19:11:33
(8 hours ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection
πΊπΈ
Charlesiv
2026-07-04 18:01:29
(9 hours ago)
Triggered Cloudflare WAF (linkMaze) from US.
Action taken: LINK_MAZE_INJECTED
ASN: 22295 (Advin Serv ...
show more
Triggered Cloudflare WAF (linkMaze) from US.
Action taken: LINK_MAZE_INJECTED
ASN: 22295 (Advin Services LLC)
Protocol: HTTP/1.1 (GET method)
Endpoint: /
Timestamp: 2026-07-04T17:56:03Z
Ray ID: a16001221d60b2d9
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36
show less
Bad Web Bot
π©πͺ
4server
2026-07-04 17:42:48
(9 hours ago)
[SatJul0419:42:44.8924412026][security2:error][pid1794254:tid1794383][client2a04:c300:400::15c:0]Mod ...
show more
[SatJul0419:42:44.8924412026][security2:error][pid1794254:tid1794383][client2a04:c300:400::15c:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.gm-swiss.ch\"][uri\"/api/.aws/config\"][unique_id\"aklGFKflBjk6J-TzDfy04QAAAQo\"]
show less
Port Scan
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 17:23:51
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 13:23:44.345405 2026] [security2:error] [pid 22343:tid 22343] [client 2a04:c300:400::15c:24472] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.aquatech-ind.com"] [uri "/.env"] [unique_id "aklBoBfGRdaR6Q6cJemKagAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 15:31:49
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::15c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 11:31:45.438016 2026] [security2:error] [pid 31552:tid 31552] [client 2a04:c300:400::15c:17360] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stewarttaylor.com"] [uri "/api/.env"] [unique_id "akknYa1g5YUBo9Lrip1BvAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack