π©πͺ
auridh
2026-06-30 03:13:42
(26 minutes ago)
Ip 2a09:bac5:9447:1b37::2b6:f performed 'crowdsecurity/appsec-vpatch' (2 events over 10.525386852s) ...
show more
Ip 2a09:bac5:9447:1b37::2b6:f performed 'crowdsecurity/appsec-vpatch' (2 events over 10.525386852s) at 2026-06-30 03:03:13.334770967 +0000 UTC
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-30 01:44:10
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 21:44:05.131187 2026] [security2:error] [pid 26275:tid 26275] [client 2a09:bac5:9447:1b37::2b6:f:35026] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.indie100.com"] [uri "/.env"] [unique_id "akMfZenG7TGTep5qOCFfzgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
XICTRON
2026-06-29 19:20:05
(8 hours ago)
ModSecurity rule violation detected by Fail2Ban
Web App Attack
π³π±
e.fierstra
2026-06-29 18:17:19
(9 hours ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
πΊπΈ
helios.live
2026-06-29 17:21:41
(10 hours ago)
2026/06/29 17:21:40 [error] 2453210#2453210: *240647 FastCGI sent in stderr: "Primary script unknown ...
show more
2026/06/29 17:21:40 [error] 2453210#2453210: *240647 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 2a09:bac5:9447:1b37::2b6:f, server: huginn.kocerroxy.com, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.3-fpm.sock:", host: "huginn.kocerroxy.com"
2026/06/29 17:21:40 [error] 2453210#2453210: *240647 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 2a09:bac5:9447:1b37::2b6:f, server: huginn.kocerroxy.com, request: "GET /flowise/api/v1/credentials HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.3-fpm.sock:", host: "huginn.kocerroxy.com"
2026/06/29 17:21:40 [error] 2453210#2453210: *240650 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 2a09:bac5:9447:1b37::2b6:f, server: huginn.kocerroxy.com, request: "GET /service-account.json HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.3-fpm.sock:", ho
...
show less
Web App Attack
π©π°
ScamAware
2026-06-29 12:56:37
(14 hours ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ...
show more
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 10. Unique request paths counted internally: 10. Cloudflare action: block. Cloudflare source: firewallCustom.
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 11:31:33
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:31:30.549947 2026] [security2:error] [pid 5320:tid 5320] [client 2a09:bac5:9447:1b37::2b6:f:50232] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cas.majesticsolutions.co"] [uri "/.env.staging"] [unique_id "akJXkn-ZOEtgRWq2z-r1AAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 06:08:33
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 02:08:27.475284 2026] [security2:error] [pid 14953:tid 14953] [client 2a09:bac5:9447:1b37::2b6:f:62564] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.openmolecules.org"] [uri "/.env"] [unique_id "akIL2_pqeEAuGjeDGL1DdwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 01:36:07
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 21:36:04.120761 2026] [security2:error] [pid 18249:tid 18249] [client 2a09:bac5:9447:1b37::2b6:f:51124] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.limbertree.com"] [uri "/.env.production.copy"] [unique_id "akHMBMT9X6Jt5dtaCs_6EQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
updown.io
2026-06-29 00:57:39
(1 day ago)
{"level":"info","ts":1782692770.6981323,"logger":"http.log.access.log0","msg":"handled request","req ...
show more
{"level":"info","ts":1782692770.6981323,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a09:bac5:9447:1b37::2b6:f","remote_port":"10622","client_ip":"2a09:bac5:9447:1b37::2b6:f","proto":"HTTP/1.1","method":"GET","host":"z92l.status.updown.io","uri":"/.npmrc","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"z92l.status.updown.io","ech":false}},"bytes_read":0,"user_id":"","duration":0.000175615,"size":0,"status":429,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Retry-After":["1"]}}
{"level":"info","ts":1782692770.8247824,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a09:bac5:9447:1b3
...
show less
DDoS Attack
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 00:21:48
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 20:21:42.945765 2026] [security2:error] [pid 28114:tid 28114] [client 2a09:bac5:9447:1b37::2b6:f:45494] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.diselet.com"] [uri "/.env"] [unique_id "akG6lufwzvusNp2oXkyYOAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-28 19:45:54
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 15:45:51.472622 2026] [security2:error] [pid 20126:tid 20126] [client 2a09:bac5:9447:1b37::2b6:f:45342] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.joshuarawlings.mark.rawlings.name"] [uri "/.env"] [unique_id "akF57wz7NH4tJEJ7MEDv9wAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-06-28 17:40:02
(1 day ago)
Excessive multi-domain requests
Brute-Force
πΊπΈ
TPI-Abuse
2026-06-28 16:44:21
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 12:44:13.816278 2026] [security2:error] [pid 22971:tid 22971] [client 2a09:bac5:9447:1b37::2b6:f:27516] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riccardiagency.com"] [uri "/app/.env"] [unique_id "akFPXUMe-pEisvhOMU78YAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-28 14:34:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 2a09:bac5:9447:1b37::2b6:f (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:34:15.998856 2026] [security2:error] [pid 26394:tid 26394] [client 2a09:bac5:9447:1b37::2b6:f:61660] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.tudor-harris.com"] [uri "/.env"] [unique_id "akEw56g_0gIllQ-1TG8EOQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack