Anonymous
2026-07-01 04:40:26
(2 days ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐ณ๐ฑ
homeshowdomain.nl
2026-06-22 22:03:01
(1 week ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-21 19:13:34
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:13:26.786465 2026] [security2:error] [pid 5153:tid 5153] [client 2a0c:9f00:a000:af74::1:54124] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kruizekontrhl.com.darkalleyproductions.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kruizekontrhl.com.darkalleyproductions.com"] [uri "/wp-content/debug.log"] [unique_id "ajg31gc8lCZBqAXvLbfOWAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-21 19:12:41
(1 week ago)
Try to access /.aws/credentials
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 18:46:07
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:46:04.043645 2026] [security2:error] [pid 28280:tid 28280] [client 2a0c:9f00:a000:af74::1:36668] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kristinmoore.com"] [uri "/.env.example"] [unique_id "ajgxbFLtn0Y23xldwI4fEAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 18:23:28
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:23:22.673454 2026] [security2:error] [pid 4560:tid 4560] [client 2a0c:9f00:a000:af74::1:59440] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||krewt.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "krewt.com"] [uri "/wp-content/debug.log"] [unique_id "ajgsGsGTpBkqh0HRjyJomQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
kranem
2026-06-21 18:00:05
(1 week ago)
Triggered Cloudflare WAF from US.
Action taken: BLOCK
ASN: 14315 (1GSERVERS, LLC)
Protocol: HTTP/2 ( ...
show more
Triggered Cloudflare WAF from US.
Action taken: BLOCK
ASN: 14315 (1GSERVERS, LLC)
Protocol: HTTP/2 (GET method)
Endpoint: /.next/required-server-files.json
Timestamp: 2026-06-21T17:46:13Z
User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-21 16:42:58
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:42:51.584125 2026] [security2:error] [pid 19309:tid 19336] [client 2a0c:9f00:a000:af74::1:34220] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "koublacat.com"] [uri "/wp-config.php.bak"] [unique_id "ajgUi7PuTOCruWyQgbZdmwAAANc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
6kilowatti
2026-06-21 16:37:45
(1 week ago)
2a0c:9f00:a000:af74::1 - - [21/Jun/2026:19:37:44 +0300] "GET /secrets.yml HTTP/1.1" 404 60 "-" "Mozi ...
show more
2a0c:9f00:a000:af74::1 - - [21/Jun/2026:19:37:44 +0300] "GET /secrets.yml HTTP/1.1" 404 60 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 15:54:18
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:54:14.899588 2026] [security2:error] [pid 22205:tid 22205] [client 2a0c:9f00:a000:af74::1:58428] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||boatpeople.org|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "boatpeople.org"] [uri "/wp-content/debug.log"] [unique_id "ajgJJqUuCdBiwapYjcTEWgAAACw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 10:07:43
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 06:07:35.937912 2026] [security2:error] [pid 30812:tid 30812] [client 2a0c:9f00:a000:af74::1:59168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tradersworldmarket.com"] [uri "/api/.env"] [unique_id "aje3533Ha2wYr69O22jWJAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-06-21 09:13:00
(1 week ago)
IPBlock protected site ID [4055-d][s=03].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 08:13:29
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 04:13:21.567427 2026] [security2:error] [pid 688:tid 688] [client 2a0c:9f00:a000:af74::1:41496] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alexgitlin.com"] [uri "/.env.example"] [unique_id "ajedIXwKsnwQSlht5TXJPgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
bazter.pro
2026-06-21 07:09:03
(1 week ago)
Auto-Ban [2026-06-21 07:09:03]: CRITICAL: bot trap (soft) | host=www.geoproceso.com | route=/.env | ...
show more
Auto-Ban [2026-06-21 07:09:03]: CRITICAL: bot trap (soft) | host=www.geoproceso.com | route=/.env | hits=1 | ua=Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 05:52:16
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:af74::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 01:52:05.319393 2026] [security2:error] [pid 6627:tid 6627] [client 2a0c:9f00:a000:af74::1:46280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "armandselmwoodpark.com"] [uri "/.env"] [unique_id "ajd8BdK6zJ-cSSGVCAabAgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack