Anonymous
2026-07-01 04:40:43
(1 week ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-06-21 16:08:19
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:08:16.043460 2026] [security2:error] [pid 5118:tid 5160] [client 2a0c:9f00:a000:1798::1:41460] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||letterstomyhusband.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "letterstomyhusband.com"] [uri "/wp-content/debug.log"] [unique_id "ajgMcB3uCCdofbgSB2t-JQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-21 08:45:02
(2 weeks ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-21 05:11:43
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 01:11:37.795126 2026] [security2:error] [pid 27246:tid 27246] [client 2a0c:9f00:a000:1798::1:53170] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tausiet.com"] [uri "/.env.example"] [unique_id "ajdyiRAHLEcMSdav-AJjhwAAADg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Baking333
2026-06-20 14:05:28
(2 weeks ago)
[redacted] 2a0c:9f00:a000:1798::1 - - [20/Jun/2026:15:05:27 +0100] "GET /.aws/credentials HTTP/1.1" ...
show more
[redacted] 2a0c:9f00:a000:1798::1 - - [20/Jun/2026:15:05:27 +0100] "GET /.aws/credentials HTTP/1.1" 302 1528 0/65665 "http://[redacted]/.aws/credentials" "Mozilla/5.0 (compatible; Bytespider; spider-feedback@[redacted])" [redacted] 2a0c:9f00:a000:1798::1 - - [20/Jun/2026:15:05:27 +0100] "GET /.[redacted] HTTP/1.1" 302 1528 0/102206 "http://[redacted]/.[redacted]" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://[redacted]/perplexity-user"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
nodepile
2026-06-20 11:16:30
(2 weeks ago)
Requests denied due to active blacklist hits (tenant=82 method=GET path=/.env.example ua='Mozilla/5. ...
show more
Requests denied due to active blacklist hits (tenant=82 method=GET path=/.env.example ua='Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)')
show less
Web App Attack
Exploited Host
๐ช๐ธ
alferez
2026-06-20 10:56:18
(2 weeks ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-06-20 06:17:07
(2 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 02:37:25
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 22:37:18.063336 2026] [security2:error] [pid 30712:tid 30712] [client 2a0c:9f00:a000:1798::1:51852] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thereddoorlounge.com"] [uri "/backend/.env"] [unique_id "ajX83ioTEdQWd-TmTO4EMAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 02:14:53
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 22:14:48.735324 2026] [security2:error] [pid 17961:tid 17961] [client 2a0c:9f00:a000:1798::1:60252] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bickleton.org"] [uri "/.env"] [unique_id "ajX3mC0KTfLVKWsXuoyncQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 23:57:47
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:57:42.149829 2026] [security2:error] [pid 30354:tid 30354] [client 2a0c:9f00:a000:1798::1:45312] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ozkanturker.com"] [uri "/.env.production"] [unique_id "ajXXdjfSaQnK3xzLHhkh-wAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
helios.live
2026-06-19 23:26:39
(2 weeks ago)
2026/06/19 23:26:24 [error] 1108615#1108615: *1464437 access forbidden by rule, client: 2a0c:9f00:a0 ...
show more
2026/06/19 23:26:24 [error] 1108615#1108615: *1464437 access forbidden by rule, client: 2a0c:9f00:a000:1798::1, server: kocerroxy.com, request: "GET /.env.example HTTP/1.1", host: "kocerroxy.com"
2026/06/19 23:26:24 [error] 1108615#1108615: *1464460 access forbidden by rule, client: 2a0c:9f00:a000:1798::1, server: kocerroxy.com, request: "GET /.aws/credentials HTTP/1.1", host: "kocerroxy.com"
2026/06/19 23:26:39 [error] 1108615#1108615: *1464460 access forbidden by rule, client: 2a0c:9f00:a000:1798::1, server: kocerroxy.com, request: "GET /.env.local HTTP/1.1", host: "kocerroxy.com"
2026/06/19 23:26:39 [error] 1108615#1108615: *1464460 access forbidden by rule, client: 2a0c:9f00:a000:1798::1, server: kocerroxy.com, request: "GET /.env.production HTTP/1.1", host: "kocerroxy.com"
2026/06/19 23:26:39 [error] 1108615#1108615: *1464437 access forbidden by rule, client: 2a0c:9f00:a000:1798::1, server: kocerroxy.com, request: "GET /.env.backup HTTP/1.1", host: "kocerroxy.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 22:51:36
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:1798::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 18:51:31.486035 2026] [security2:error] [pid 10977:tid 10977] [client 2a0c:9f00:a000:1798::1:52784] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aares2026.net"] [uri "/.env"] [unique_id "ajXH8xLgOr91Pd-Z33BCQAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-19 22:00:02
(2 weeks ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐ณ๐ฑ
Roderic
2026-06-19 21:54:56
(2 weeks ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted])
Bad Web Bot