๐บ๐ธ
TPI-Abuse
2026-07-19 05:09:03
(2 minutes ago)
(mod_security) mod_security (id:210730) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210730) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 01:08:55.802657 2026] [security2:error] [pid 3022935:tid 3022935] [client 34.39.87.128:60280] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||montepulciano.org|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "montepulciano.org"] [uri "/rclone.conf"] [unique_id "alxb55genjdRacL9lUUwFAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-07-19 05:07:00
(4 minutes ago)
Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110- ...
show more
Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110-122)
show less
Hacking
๐ซ๐ท
Octopuce
2026-07-19 03:51:45
(1 hour ago)
Aggressive web search of vulnerable pages: /.env.production /.env.local /.env.backup /.env /backend/ ...
show more
Aggressive web search of vulnerable pages: /.env.production /.env.local /.env.backup /.env /backend/.env /admin/.env /.env.example /config/.env ...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 03:16:47
(1 hour ago)
(mod_security) mod_security (id:949110) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:949110) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 23:16:42.334559 2026] [security2:error] [pid 1249017:tid 1249017] [client 34.39.87.128:44650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "motunaonaobookings.com"] [uri "/.git/config"] [unique_id "alxBmpmZFk3k4lnXBABsKgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 02:54:42
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210492) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 22:54:37.006337 2026] [security2:error] [pid 2579:tid 2604] [client 34.39.87.128:44132] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "morganswarsong.com"] [uri "/.git/config"] [unique_id "alw8bYSrJJDgNMooNEuATwAAAIs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-07-19 02:06:09
(3 hours ago)
Scanning/Probing (19)
Brute-Force
Web App Attack
๐จ๐ญ
4server
2026-07-19 01:17:54
(3 hours ago)
[SunJul1903:17:50.4079172026][security2:error][pid3041266:tid3041502][client34.39.87.128:0]ModSecuri ...
show more
[SunJul1903:17:50.4079172026][security2:error][pid3041266:tid3041502][client34.39.87.128:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.10\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"motogiro.com\"][uri\"/.aws/config\"][unique_id\"alwlvjm04U6P5pAD5SkPsAAAAQI\"]
show less
Hacking
Web App Attack
๐ฎ๐น
www.tana.it
2026-07-19 01:00:37
(4 hours ago)
PHP scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 00:25:21
(4 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210730) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 20:25:14.822096 2026] [security2:error] [pid 14861:tid 14861] [client 34.39.87.128:39654] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||monmouthbottleshop.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "monmouthbottleshop.com"] [uri "/rclone.conf"] [unique_id "alwZasEUrws0mxfuBdMvEwAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
CoreTech srl
2026-07-18 23:18:56
(5 hours ago)
cloudlinux2 fail2ban: 2026-07-19 01:14:13,481 fail2ban.filter [1598]: INFO [plesk-modsecu ...
show more
cloudlinux2 fail2ban: 2026-07-19 01:14:13,481 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cloudlinux2 fail2ban: 2026-07-19 01:14:13,497 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cloudlinux2 fail2ban: 2026-07-19 01:14:13,446 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cloudlinux2 fail2ban: 2026-07-19 01:14:13,400 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cloudlinux2 fail2ban: 2026-07-19 01:14:13,458 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cloudlinux2 fail2ban: 2026-07-19 01:14:13,638 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cloudlinux2 fail2ban: 2026-07-19 01:14:13,586 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 34.39.87.128 - 2026-07-19 01:14:13cl
show less
Brute-Force
Anonymous
2026-07-18 23:16:09
(5 hours ago)
PSCSERV WPSCAN 34.39.87.128
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-18 22:42:57
(6 hours ago)
20 attempts against mh-misbehave-ban on onion
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 21:24:07
(7 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210730) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 17:24:01.088833 2026] [security2:error] [pid 6473:tid 6473] [client 34.39.87.128:40660] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||moodyauto.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "moodyauto.com"] [uri "/rclone.conf"] [unique_id "alvu8cmFFLshBLXPxDFvqQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 20:46:13
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:210492) triggered by 34.39.87.128 (128.87.39.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 16:46:06.484060 2026] [security2:error] [pid 929:tid 929] [client 34.39.87.128:45658] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "movierebuspuzzles.com"] [uri "/.git/config"] [unique_id "alvmDiQfuxVaumwNDWR8gQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-18 20:32:07
(8 hours ago)
20 attempts against mh-misbehave-ban on redirect
Brute-Force
Bad Web Bot
Web App Attack