π³π±
homeshowdomain.nl
2026-05-02 22:09:25
(2 months ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-01.
show less
Web App Attack
SSH
Hacking
π«π·
masterguru
2026-05-01 06:31:27
(2 months ago)
Restricted File Access Attempt. Matched phrase "compose.yaml" at REQUEST_FILENAME. (930130-197)
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-01 05:11:17
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 01 01:11:09.986757 2026] [security2:error] [pid 383:tid 383] [client 34.174.236.226:43572] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||beambags.us.book-arts.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "beambags.us.book-arts.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "afQ17TvUWZHCOelG3_2vRwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-01 03:48:15
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 23:48:09.899735 2026] [security2:error] [pid 4889:tid 4889] [client 34.174.236.226:49286] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||415test.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "415test.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "afQieZ8zJKQCbfLWmccwVgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
masterguru
2026-05-01 03:36:20
(2 months ago)
Restricted File Access Attempt. Matched phrase "phpinfo.php" at REQUEST_FILENAME. (930130-196)
Hacking
Web App Attack
Anonymous
2026-05-01 02:50:14
(2 months ago)
Aggressive web scan
Bad Web Bot
Web App Attack
π¨π
4server
2026-05-01 01:49:15
(2 months ago)
[FriMay0103:49:10.0596862026][security2:error][pid1110812:tid1111014][client34.174.236.226:0]ModSecu ...
show more
[FriMay0103:49:10.0596862026][security2:error][pid1110812:tid1111014][client34.174.236.226:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\"wp-config\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"cpcontacts.gsdsagl.ch\"][uri\"/wp-config.php.bak\"][unique_id\"afQGlsS8Fh79ktZm2TdfQgAAAMY\"]
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-01 00:13:41
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 20:13:36.661761 2026] [security2:error] [pid 25526:tid 25613] [client 34.174.236.226:41692] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||conservativelabor.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "conservativelabor.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "afPwMIOzkg8WqUS5YFF3HQAAAYM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
webanyone
2026-04-30 23:47:31
(2 months ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-04-30 20:17:17
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 16:17:11.016591 2026] [security2:error] [pid 1915:tid 1934] [client 34.174.236.226:54028] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||eagletons.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "eagletons.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "afO4x9JHEq4zacg5d6KNIAAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-30 19:04:02
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 15:03:55.877977 2026] [security2:error] [pid 30728:tid 30728] [client 34.174.236.226:47772] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||limeroc.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "limeroc.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "afOnm_tkSom93saZulZcnwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-30 18:41:41
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.174.236.226 (226.236.174.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 14:41:35.294628 2026] [security2:error] [pid 20840:tid 20840] [client 34.174.236.226:56382] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||grieve.tv|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "grieve.tv"] [uri "/.config/gcloud/credentials.db"] [unique_id "afOiXyLtKOm9-_x_zNISOQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
voormedia
2026-04-30 18:29:32
(2 months ago)
Accessed trap at '/docker-compose.yml'
Web App Attack
π¬π§
Apache
2026-04-30 17:48:42
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 34.174.236.226 (US/United States/226.236.174.34 ...
show more
(mod_security) mod_security (id:210492) triggered by 34.174.236.226 (US/United States/226.236.174.34.bc.googleusercontent.com): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
Anonymous
2026-04-30 17:41:03
(2 months ago)
Multiple web server 400 error codes from same source ip
Web App Attack