๐ซ๐ท
Cuteminded
2026-07-03 13:45:34
(1 hour ago)
Brute force web login attempts
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-03 13:25:59
(1 hour ago)
2a04:c300:400::f2 - - [03/Jul/2026:16:25:59 +0300] "GET /app/.env HTTP/1.1" 404 3044 "-" "Mozilla/5. ...
show more
2a04:c300:400::f2 - - [03/Jul/2026:16:25:59 +0300] "GET /app/.env HTTP/1.1" 404 3044 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
2a04:c300:400::f2 - - [03/Jul/2026:16:25:59 +0300] "GET /backend/.env HTTP/1.1" 404 3045 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-07-03 13:20:12
(1 hour ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐ช๐ธ
alferez
2026-07-03 11:46:22
(3 hours ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-03 10:34:40
(4 hours ago)
20 attempts against mh-misbehave-ban on chard
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ฌ
HighWay
2026-07-03 10:03:10
(5 hours ago)
2a04:c300:400::f2 - - [03/Jul/2026:10:03:08 +0000] "GET /.env.local HTTP/1.1" 403 421 "-" "Mozilla/5 ...
show more
2a04:c300:400::f2 - - [03/Jul/2026:10:03:08 +0000] "GET /.env.local HTTP/1.1" 403 421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0"
2a04:c300:400::f2 - - [03/Jul/2026:10:03:08 +0000] "GET /backend/.aws/credentials HTTP/1.1" 403 4348 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0"
...
show less
Web App Attack
Bad Web Bot
๐ฌ๐ง
gws-hostmaster
2026-07-03 09:02:52
(6 hours ago)
ModSecurity OWASP CRS (Anomaly Score: 10): Restricted File Access Attempt;Restricted File Access Att ...
show more
ModSecurity OWASP CRS (Anomaly Score: 10): Restricted File Access Attempt;Restricted File Access Attempt: AI Coding Assistant Artifact;URL file extension is restricted by policy;
show less
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-03 08:33:08
(6 hours ago)
Excessive multi-domain requests
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-03 08:15:53
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::f2 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::f2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 04:15:48.994804 2026] [security2:error] [pid 26615:tid 26615] [client 2a04:c300:400::f2:40550] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.lauranixon.com"] [uri "/.env"] [unique_id "akdvtCDWBvwF38E9L0NQGwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ฐ
ScamAware
2026-07-03 07:13:57
(7 hours ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ...
show more
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 43. Unique request paths counted internally: 43. Cloudflare action: block. Cloudflare source: firewallCustom.
show less
Web App Attack
๐จ๐ญ
Ribeye375
2026-07-03 03:37:11
(11 hours ago)
HIPS web-exfiltration - Block tcp/0:65535
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-07-03 03:31:18
(11 hours ago)
Probing websites for vulnerabilities
Web App Attack
๐ฉ๐ช
macrob
2026-07-03 03:00:52
(12 hours ago)
2026/07/03 03:00:50 [error] 1102790#1102790: *346973229 access forbidden by rule, client: 2a04:c300: ...
show more
2026/07/03 03:00:50 [error] 1102790#1102790: *346973229 access forbidden by rule, client: 2a04:c300:400::f2, server: fn.binixo.es, request: "GET /.env HTTP/2.0", host: "smtp.wellbin.org"
2026/07/03 03:00:50 [error] 1102792#1102792: *346973233 access forbidden by rule, client: 2a04:c300:400::f2, server: fn.binixo.es, request: "GET /app/.npmrc HTTP/2.0", host: "smtp.wellbin.org"
2026/07/03 03:00:50 [error] 1102795#1102795: *346973232 access forbidden by rule, client: 2a04:c300:400::f2, server: fn.binixo.es, request: "GET /app/.aws/config HTTP/2.0", host: "smtp.wellbin.org"
...
show less
Web App Attack
๐ฎ๐น
VHosting
2026-07-03 03:00:09
(12 hours ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 01:01:33
(14 hours ago)
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::f2 (Unknown): 1 in the last 300 ...
show more
(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::f2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 21:01:27.755671 2026] [security2:error] [pid 16944:tid 16944] [client 2a04:c300:400::f2:22564] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.cabwebs.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.cabwebs.com"] [uri "/wp-content/debug.log"] [unique_id "akcJ58zbXME_UrYm8zAcrgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack