π¬π§
openstrike.co.uk
2026-06-26 05:16:19
(1 week ago)
59 attacks on config grabbing URLs (type 2), VC URLs, env grabbing URLs, password grabbing URLs:
GET ...
show more
59 attacks on config grabbing URLs (type 2), VC URLs, env grabbing URLs, password grabbing URLs:
GET /application_default_credentials.json HTTP/1.1
GET /.git/config HTTP/1.1
GET /.env.production.swp HTTP/1.1
GET /.aws/credentials HTTP/1.1
show less
Hacking
π³π±
Savvii
2026-06-24 19:54:24
(1 week ago)
20 attempts against mh-misbehave-ban on solar
Brute-Force
Bad Web Bot
Web App Attack
π³π±
SysAdmin Dylan
2026-06-24 09:15:50
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b4 (Unknown): 10 in the last 36 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b4 (Unknown): 10 in the last 3600 secs
show less
Brute-Force
π³π±
Mangelot Hosting
2026-06-23 16:17:31
(1 week ago)
(modsecurity) srv102 ModSecurity 2a04:c300:400::1b4 (DE/Germany/-): 10 in the last 3600 secs; Ports: ...
show more
(modsecurity) srv102 ModSecurity 2a04:c300:400::1b4 (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-23 15:16:56
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 11:16:49.257871 2026] [security2:error] [pid 32321:tid 32321] [client 2a04:c300:400::1b4:64210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.seebeexee.com"] [uri "/api/.env"] [unique_id "ajqjYWdeAenNR6qnKGjajgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
e.fierstra
2026-06-23 13:00:45
(1 week ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-06-23 12:37:07
(1 week ago)
Excessive multi-domain requests
Brute-Force
Anonymous
2026-06-23 08:05:08
(1 week ago)
WAF repeated trigger detected by Fail2Ban
Web App Attack
π¬π§
Mendip_Defender
2026-06-23 00:20:19
(1 week ago)
2a04:c300:400::1b4 - - [23/Jun/2026:01:20:07 +0100] "GET /wp-content/debug.log HTTP/2.0" 403 129 "-" ...
show more
2a04:c300:400::1b4 - - [23/Jun/2026:01:20:07 +0100] "GET /wp-content/debug.log HTTP/2.0" 403 129 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0"
2a04:c300:400::1b4 - - [23/Jun/2026:01:20:11 +0100] "GET /.anthropic/config.json HTTP/1.1" 404 76175 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0"
2a04:c300:400::1b4 - - [23/Jun/2026:01:20:11 +0100] "GET /appsettings.Production.json HTTP/1.1" 404 76175 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:150.0) Gecko/20100101 Firefox/150.0"
...
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-22 22:28:28
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 18:28:21.165687 2026] [security2:error] [pid 23392:tid 23392] [client 2a04:c300:400::1b4:52730] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ipv6.opmasterpainter.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ipv6.opmasterpainter.com"] [uri "/wp-content/debug.log"] [unique_id "ajm3BYsAUNqkgdv9UVJV-gAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
homeshowdomain.nl
2026-06-22 22:03:24
(1 week ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21.
show less
Web App Attack
SSH
Hacking
πΊπΈ
TPI-Abuse
2026-06-22 21:16:00
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:15:53.762570 2026] [security2:error] [pid 13767:tid 13767] [client 2a04:c300:400::1b4:52756] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||luisgtechgroup.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "luisgtechgroup.com"] [uri "/wp-content/debug.log"] [unique_id "ajmmCeyWZG8TIol33SVL5wAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Hazzard
2026-06-22 20:16:47
(1 week ago)
*Port Scan* detected from 2a04:c300:400::1b4 (US/United States/-/-/-/[redacted]).
Port Scan
πΊπΈ
TPI-Abuse
2026-06-22 15:56:57
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 11:56:53.052134 2026] [security2:error] [pid 29936:tid 29936] [client 2a04:c300:400::1b4:59982] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jstgeorg.org|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jstgeorg.org"] [uri "/wp-content/debug.log"] [unique_id "ajlbRar2llEV8SFVF32hUAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-22 10:44:19
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b4 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 06:44:13.058633 2026] [security2:error] [pid 21492:tid 21492] [client 2a04:c300:400::1b4:10874] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.fresh-cut.us|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.fresh-cut.us"] [uri "/wp-content/debug.log"] [unique_id "ajkR_SuyxKeV1PB7ju5jbAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack