🇩🇪
maxpower
2026-06-25 05:39:44
(1 week ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a04:c300:400::1b5 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2a04:c300:400::1b5 - - [25/Jun/2026:07:39:29 +0200] "GET /client_secrets.json HTTP/2.0" 404 201 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" "2a04:c300:400::1b5" host=www.brokerleader.it
2a04:c300:400::1b5 - - [25/Jun/2026:07:39:29 +0200] "GET /.aws/credentials HTTP/2.0" 404 201 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" "2a04:c300:400::1b5" host=www.brokerleader.it
Port Scan
🇪🇸
alferez
2026-06-25 03:36:18
(1 week ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
🇱🇹
NotACaptcha
2026-06-24 18:54:35
(1 week ago)
webserver:80 [24/Jun/2026] "GET /.env HTTP/1.1" 404 341 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0"
webserver:80 [24/Jun/2026] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
webserver:443 [24/Jun/2026] "GET / HTTP/1.1" 200 5497 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0"
Web App Attack
🇩🇪
Hazzard
2026-06-24 16:21:43
(1 week ago)
*Port Scan* detected from 2a04:c300:400::1b5 (US/United States/-/-/-/[redacted]).
Port Scan
Anonymous
2026-06-24 15:06:29
(1 week ago)
Scenarios: http-probing, http-sensitive-files
Total requests: 113
Web App Attack
🇫🇷
dynamix
2026-06-24 11:08:06
(1 week ago)
Multiple WAF Violations
Web App Attack
🇳🇱
Site.eu
2026-06-24 10:35:30
(1 week ago)
Excessive multi-domain requests
Brute-Force
🇩🇪
dbmwebdesign
2026-06-24 09:25:20
(1 week ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
Anonymous
2026-06-24 06:43:45
(1 week ago)
(mod_security) mod_security triggered on hostname [redacted] 2a04:c300:400::1b5 (Unknown)
SQL Injection
🇬🇧
openstrike.co.uk
2026-06-24 05:15:01
(1 week ago)
59 attacks on VC URLs, env grabbing URLs, config grabbing URLs (type 2), password grabbing URLs:
GET /.git/config HTTP/1.1
GET /.env.production~ HTTP/1.1
GET /application_default_credentials.json HTTP/1.1
GET /.aws/credentials HTTP/1.1
Hacking
🇺🇸
TPI-Abuse
2026-06-24 02:21:58
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 22:21:55.066802 2026] [security2:error] [pid 20572:tid 20572] [client 2a04:c300:400::1b5:56380] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.guardiancns.com"] [uri "/.env.staging"] [unique_id "ajs_Q-wMrt33jjo5w7sJjwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇮🇹
VHosting
2026-06-24 02:10:03
(1 week ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-24 00:47:57
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 20:47:53.735136 2026] [security2:error] [pid 22530:tid 22530] [client 2a04:c300:400::1b5:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.local639.com"] [uri "/.env"] [unique_id "ajspOQej2OQIU67I-OhM3QAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 17:56:00
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 13:55:56.662007 2026] [security2:error] [pid 21867:tid 21867] [client 2a04:c300:400::1b5:44508] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||scadco.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "scadco.com"] [uri "/wp-content/debug.log"] [unique_id "ajrIrH5nmR06uARoowzD-AAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 17:10:11
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 13:10:04.373912 2026] [security2:error] [pid 22238:tid 22238] [client 2a04:c300:400::1b5:49342] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||scrunchiebutt.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "scrunchiebutt.com"] [uri "/wp-content/debug.log"] [unique_id "ajq97D1h3SVgHlxnAAJflAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack