๐บ๐ธ
TPI-Abuse
2026-06-22 04:41:00
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 00:40:54.439204 2026] [security2:error] [pid 22682:tid 22682] [client 2a04:c300:400::1ce:16020] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.jeanlouisdarville.com"] [uri "/laravel/.env"] [unique_id "aji81u4Bn7IcBLjmnkTH5wAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 03:15:52
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 23:15:48.734961 2026] [security2:error] [pid 17231:tid 17231] [client 2a04:c300:400::1ce:62678] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||owenmail.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "owenmail.com"] [uri "/wp-content/debug.log"] [unique_id "ajio5Fs0jA6YN2CDSdhCRwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 00:45:47
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 20:45:41.206895 2026] [security2:error] [pid 21978:tid 21998] [client 2a04:c300:400::1ce:10134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.shieldsenterprisesusa.com"] [uri "/laravel/.env"] [unique_id "ajiFtRolJZGhThIFO1TaNwAAAFE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 00:08:55
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 20:08:49.719526 2026] [security2:error] [pid 5118:tid 5165] [client 2a04:c300:400::1ce:37824] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dreammile.info.ahsdistance.org|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dreammile.info.ahsdistance.org"] [uri "/wp-content/debug.log"] [unique_id "ajh9ER3uCCdofbgSB2uSqgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 23:42:25
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 19:42:22.844261 2026] [security2:error] [pid 17314:tid 17314] [client 2a04:c300:400::1ce:5530] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.certifiedfarmersmarkets.org"] [uri "/.env"] [unique_id "ajh23sImH5fPaUkUFSX0ZgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 23:04:48
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 19:04:40.876961 2026] [security2:error] [pid 24790:tid 24790] [client 2a04:c300:400::1ce:44114] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.acquivest.net"] [uri "/.env"] [unique_id "ajhuCIlkV1mKLARiCICTXAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
updown.io
2026-06-21 22:14:21
(3 weeks ago)
{"level":"info","ts":1782077520.1235607,"logger":"http.log.access.log1","msg":"handled request","req ...
show more
{"level":"info","ts":1782077520.1235607,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1ce","remote_port":"51758","client_ip":"2a04:c300:400::1ce","proto":"HTTP/1.1","method":"GET","host":"status.bitwonder.io","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.00010549,"size":0,"status":308,"resp_headers":{"Connection":["close"],"Location":["https://status.bitwonder.io/"],"Content-Type":[],"Server":["Caddy"]}}
{"level":"info","ts":1782077527.0521667,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1ce","remote_port":"30244","client_ip":"2a04:c300:400::1ce","proto":"HTTP/1.1","method":"GET","host":"status.bitwonder.io","uri":"/credentials/service-account.json","headers":{"Accept":["text/html,application/xh
...
show less
DDoS Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 22:06:48
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 18:06:43.891078 2026] [security2:error] [pid 8561:tid 8561] [client 2a04:c300:400::1ce:23322] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.newmooncafe.com"] [uri "/.env"] [unique_id "ajhgcwJc3woQ7JOfEQCW4wAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 21:49:44
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:49:40.853560 2026] [security2:error] [pid 4212:tid 4212] [client 2a04:c300:400::1ce:20834] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.rhythmandbluescompany.com"] [uri "/.env.development"] [unique_id "ajhcdGMpCsX4vfFi5YMvrQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 21:20:07
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:19:58.327112 2026] [security2:error] [pid 460:tid 460] [client 2a04:c300:400::1ce:60634] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.belize-boat-registration.com"] [uri "/.env"] [unique_id "ajhVfkYr2xM-yxsqGix0fwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-21 20:32:28
(3 weeks ago)
(modsecurity) srv101 ModSecurity 2a04:c300:400::1ce (DE/Germany/-): 10 in the last 3600 secs; Ports: ...
show more
(modsecurity) srv101 ModSecurity 2a04:c300:400::1ce (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
Anonymous
2026-06-21 17:50:57
(3 weeks ago)
2a04:c300:400::1ce - - [21/Jun/2026:17:50:56 +0000] "GET /wp-content/debug.log HTTP/1.1" 404 381 "-" ...
show more
2a04:c300:400::1ce - - [21/Jun/2026:17:50:56 +0000] "GET /wp-content/debug.log HTTP/1.1" 404 381 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 17:23:57
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:23:52.622818 2026] [security2:error] [pid 5047:tid 5047] [client 2a04:c300:400::1ce:46110] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||garybrownbeat.garyandthegroove.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "garybrownbeat.garyandthegroove.com"] [uri "/wp-content/debug.log"] [unique_id "ajgeKEibO65F6p60_Hw0WgAAAIo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 16:56:12
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:56:07.484672 2026] [security2:error] [pid 24689:tid 24689] [client 2a04:c300:400::1ce:34656] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.allisonokon.com"] [uri "/public/.env"] [unique_id "ajgXp8mu9B4NXIhMO-aFJQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-21 16:51:25
(3 weeks ago)
(modsecurity) srv201 ModSecurity 2a04:c300:400::1ce (DE/Germany/-): 10 in the last 3600 secs; Ports: ...
show more
(modsecurity) srv201 ModSecurity 2a04:c300:400::1ce (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack