๐บ๐ธ
nasset
2026-07-19 15:38:01
(4 hours ago)
34.35.112.28 - - [19/Jul/2026:08:38:00 -0700] "GET /.ssh/id_ecdsa HTTP/1.1" 403 584 "-" "Mozilla/5.0 ...
show more
34.35.112.28 - - [19/Jul/2026:08:38:00 -0700] "GET /.ssh/id_ecdsa HTTP/1.1" 403 584 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Claude-SearchBot/1.0; +mailto:[email protected] "
34.35.112.28 - - [19/Jul/2026:08:38:00 -0700] "GET /.hermes/.env HTTP/1.1" 403 584 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
34.35.112.28 - - [19/Jul/2026:08:38:00 -0700] "GET /.ssh/id_rsa HTTP/1.1" 403 584 "-" "Mozilla/5.0 (compatible; GoogleOther; +http://www.google.com/bot.html)"
34.35.112.28 - - [19/Jul/2026:08:38:00 -0700] "GET /.ssh/config HTTP/1.1" 403 584 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected] )"
34.35.112.28 - - [19/Jul/2026:08:38:01 -0700] "GET /.ssh/authorized_keys HTTP/1.1" 403 584 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Claude-User/1.0; +mailto:[email protected] "
...
show less
Bad Web Bot
Web App Attack
๐ฉ๐ช
Petros Stefanakis
2026-07-19 14:52:07
(4 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 34.35.112.28 (28.112.35.34.bc.googleuse ...
show more
(mod_security) mod_security triggered on hostname [redacted] 34.35.112.28 (28.112.35.34.bc.googleusercontent.com)
show less
SQL Injection
๐บ๐ธ
Matthew Ping
2026-07-19 14:45:02
(4 hours ago)
ModSecurity rule 949110 triggered on d865. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
Anonymous
2026-07-19 14:41:35
(4 hours ago)
34.35.112.28 - - [19/Jul/2026:16:41:32 +0200] "GET / HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows N ...
show more
34.35.112.28 - - [19/Jul/2026:16:41:32 +0200] "GET / HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/150.0.0.0 Safari/537.36"
34.35.112.28 - - [19/Jul/2026:16:41:33 +0200] "GET /z9x8c7v6b5-debug-trigger-recruiterbasket.com HTTP/1.1" 403 153 "-" "Mozilla/5.0 (compatible; Amzn-SearchBot/1.0; +https://developer.amazon.com/support/amazonbot)"
34.35.112.28 - - [19/Jul/2026:16:41:33 +0200] "GET /admin HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36"
34.35.112.28 - - [19/Jul/2026:16:41:34 +0200] "GET /dashboard HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36 OPR/118.0.0.0"
34.35.112.28 - - [19/Jul/2026:16:41:34 +0200] "GET /webpack-stats.json HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Linux; Android 15; SM-S928B) AppleWebKit/537.36 (KHTML, like Gecko) Chrom
...
show less
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-19 09:51:20
(9 hours ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: /.env | 5 distinct paths | UA: Mozilla/5.0 (comp ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: /.env | 5 distinct paths | UA: Mozilla/5.0 (compatible; GoogleOther; +http://www.google.com/bot.html)
show less
Hacking
๐จ๐ญ
4server
2026-07-19 07:41:18
(11 hours ago)
[SunJul1909:41:14.3130842026][security2:error][pid161154:tid161385][client34.35.112.28:0]ModSecurity ...
show more
[SunJul1909:41:14.3130842026][security2:error][pid161154:tid161385][client34.35.112.28:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".git\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"reddragonrecords.ch\"][uri\"/.git/HEAD\"][unique_id\"alx_mgREO6OXl3JT6JuG_AAAAEA\"]
show less
Hacking
Web App Attack
๐บ๐ธ
itsnixk
2026-07-19 07:37:56
(12 hours ago)
(mod_security) mod_security (id:930140) triggered by 34.35.112.28 (ZA/South Africa/28.112.35.34.bc.g ...
show more
(mod_security) mod_security (id:930140) triggered by 34.35.112.28 (ZA/South Africa/28.112.35.34.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jul 19 03:37:52.774851 2026] [security2:error] [pid 8068:tid 8330] [remote 34.35.112.28:0] ModSecurity: Access denied with code 406 (phase 1). Matched phrase ".openclaw/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "180"] [id "930140"] [msg "Restricted File Access Attempt: AI Coding Assistant Artifact"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.27.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/.openclaw/openclaw.json"] [unique_id "alx-0NvJXwRUlvKYM3puMAABYAs"]
show less
Port Scan
๐ฉ๐ช
sdos.es
2026-07-19 07:16:06
(12 hours ago)
"Restricted File Access Attempt - Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aw ...
show more
"Restricted File Access Attempt - Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"
show less
Web App Attack
๐ฎ๐ณ
evicky2002
2026-07-19 06:00:00
(13 hours ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-19 05:55:20
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.35.112.28 (28.112.35.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210492) triggered by 34.35.112.28 (28.112.35.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 01:55:11.371704 2026] [security2:error] [pid 3068586:tid 3068586] [client 34.35.112.28:50948] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rentalmgt.com"] [uri "/.git/config"] [unique_id "alxmvyD244J8cdkH1gwCJgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-07-19 05:14:35
(14 hours ago)
67 attacks on VC URLs, PHP URLs, config grabbing URLs (type 2), env grabbing URLs, password grabbing ...
show more
67 attacks on VC URLs, PHP URLs, config grabbing URLs (type 2), env grabbing URLs, password grabbing URLs:
GET /.git/HEAD HTTP/1.1
GET /app_dev.php/_profiler HTTP/1.1
GET /app-config.json HTTP/1.1
GET /app/.env HTTP/1.1
GET /.aws/credentials HTTP/1.1
show less
Hacking
Web App Attack
Anonymous
2026-07-19 05:01:01
(14 hours ago)
...
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 04:10:06
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.35.112.28 (28.112.35.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210492) triggered by 34.35.112.28 (28.112.35.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 00:09:59.218862 2026] [security2:error] [pid 8500:tid 8500] [client 34.35.112.28:44620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "redweddingnapkins.com"] [uri "/admin/.env"] [unique_id "alxOF2opmBZk7mWsnJ818gAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 03:45:50
(15 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.35.112.28 (28.112.35.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210730) triggered by 34.35.112.28 (28.112.35.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 23:45:44.661673 2026] [security2:error] [pid 12656:tid 12656] [client 34.35.112.28:42612] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||register-boat-germany.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "register-boat-germany.com"] [uri "/z9x8c7v6b5-debug-trigger-register-boat-germany.com"] [unique_id "alxIaApO0-83p7-atdRPLQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-07-19 03:14:59
(16 hours ago)
Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110- ...
show more
Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110-122)
show less
Hacking