๐บ๐ธ
TPI-Abuse
2026-06-23 23:39:59
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 19:39:53.292081 2026] [security2:error] [pid 14081:tid 14081] [client 2a04:c300:400::1ba:14382] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.gocdt.com"] [uri "/web/.env"] [unique_id "ajsZSaNceYQkNEVyL2q8BwAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 14:15:49
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 10:15:45.000358 2026] [security2:error] [pid 10045:tid 10045] [client 2a04:c300:400::1ba:3140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.boliviapuertapuerta.com"] [uri "/app/.env"] [unique_id "ajqVERdf6qxqNgRlt-CpYgAAAC0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Hazzard
2026-06-23 09:57:14
(6 days ago)
(mod_security) mod_security triggered on hostname [redacted]): (CF_ENABLE)
SQL Injection
๐ณ๐ฑ
e.fierstra
2026-06-23 06:42:04
(6 days ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-23 05:34:41
(6 days ago)
(modsecurity) srv102 ModSecurity 2a04:c300:400::1ba (DE/Germany/-): 10 in the last 3600 secs; Ports: ...
show more
(modsecurity) srv102 ModSecurity 2a04:c300:400::1ba (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 03:52:10
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 23:52:06.780590 2026] [security2:error] [pid 5134:tid 5161] [client 2a04:c300:400::1ba:61688] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.johnritter.net|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.johnritter.net"] [uri "/wp-content/debug.log"] [unique_id "ajoC5rLsKU7ho4Zffo3ehAAAAJg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-23 03:10:44
(1 week ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 23:25:19
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:25:14.685980 2026] [security2:error] [pid 2230:tid 2230] [client 2a04:c300:400::1ba:3082] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.cain2012.org|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.cain2012.org"] [uri "/wp-content/debug.log"] [unique_id "ajnEWhIvK3xOMf_YXjTrAwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 22:37:01
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 18:36:57.592709 2026] [security2:error] [pid 18812:tid 18812] [client 2a04:c300:400::1ba:53234] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wbcsnet.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wbcsnet.com"] [uri "/wp-content/debug.log"] [unique_id "ajm5CfkCM-vof1Nls0mDrwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-22 22:03:44
(1 week ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-22 21:50:23
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:50:16.582219 2026] [security2:error] [pid 32440:tid 32440] [client 2a04:c300:400::1ba:14512] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pointillistic.com"] [uri "/.env"] [unique_id "ajmuGFbjHmu_8Ve29b7i3gAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 21:06:36
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:06:28.289847 2026] [security2:error] [pid 2676:tid 2676] [client 2a04:c300:400::1ba:5756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.davidnevue.com"] [uri "/.env.local"] [unique_id "ajmj1P2g8FtliJFHizwjqgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 20:10:38
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 16:10:31.589971 2026] [security2:error] [pid 10091:tid 10091] [client 2a04:c300:400::1ba:2142] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ballast-capital.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ballast-capital.com"] [uri "/wp-content/debug.log"] [unique_id "ajmWtxg3XHMVNSwd0dU-mAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 19:11:13
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 15:11:05.587826 2026] [security2:error] [pid 15377:tid 15377] [client 2a04:c300:400::1ba:23662] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.texaslawman.net"] [uri "/.env.development"] [unique_id "ajmIycHamU2-q1UUubGkcgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
dbmwebdesign
2026-06-22 19:05:16
(1 week ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack