π«π·
masterguru
2026-07-19 06:57:15
(19 minutes ago)
Restricted File Access Attempt. Matched phrase ".aws/" at REQUEST_FILENAME. (930130-201)
Hacking
Web App Attack
πΊπΈ
Lee Daniel
2026-07-19 06:10:15
(1 hour ago)
34.40.45.3 - - [19/Jul/2026:02:10:14 -0400] "GET /graphql/console HTTP/1.1" 404 15245 "-" "Mozilla/5 ...
show more
34.40.45.3 - - [19/Jul/2026:02:10:14 -0400] "GET /graphql/console HTTP/1.1" 404 15245 "-" "Mozilla/5.0 (compatible; Applebot-Extended/0.1; +http://www.apple.com/go/applebot)"
34.40.45.3 - - [19/Jul/2026:02:10:14 -0400] "GET /graphql HTTP/1.1" 404 15214 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)"
34.40.45.3 - - [19/Jul/2026:02:10:14 -0400] "GET /actuator/configprops HTTP/1.1" 404 15183 "-" "anthropic-ai"
34.40.45.3 - - [19/Jul/2026:02:10:14 -0400] "GET /phpinfo.php HTTP/1.1" 404 15211 "-" "anthropic-ai"
34.40.45.3 - - [19/Jul/2026:02:10:14 -0400] "GET /z9x8c7v6b5-debug-trigger-ngebarbados.com HTTP/1.1" 404 15256 "-" "Mozilla/5.0 (compatible; Applebot-Extended/0.1; +http://www.apple.com/go/applebot)"
...
show less
DDoS Attack
Web Spam
Email Spam
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
π³π±
ReyhZhao
2026-07-19 06:00:49
(1 hour ago)
Multiple ModSecurity blocks detected from a single source IP, including a restricted file access att ...
show more
Multiple ModSecurity blocks detected from a single source IP, including a restricted file access attempt and disallowed request content types.
show less
Brute-Force
π¬π§
consul.to
2026-07-19 06:00:23
(1 hour ago)
Web attack/malicious scanning detected
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-19 05:36:20
(1 hour ago)
(mod_security) mod_security (id:210730) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com ...
show more
(mod_security) mod_security (id:210730) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 01:36:15.415254 2026] [security2:error] [pid 23157:tid 23157] [client 34.40.45.3:55432] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||nightowlprinting.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nightowlprinting.com"] [uri "/z9x8c7v6b5-debug-trigger-nightowlprinting.com"] [unique_id "alxiT9b40btyQt4ANdmWcgAAADA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
openstrike.co.uk
2026-07-19 05:14:15
(2 hours ago)
67 attacks on VC URLs, PHP URLs, config grabbing URLs (type 2), password grabbing URLs, env grabbing ...
show more
67 attacks on VC URLs, PHP URLs, config grabbing URLs (type 2), password grabbing URLs, env grabbing URLs:
GET /.git/HEAD HTTP/1.1
GET /phpinfo.php HTTP/1.1
GET /app-config.json HTTP/1.1
GET /.aws/credentials HTTP/1.1
GET /.env.prod.bak HTTP/1.1
show less
Hacking
Web App Attack
Anonymous
2026-07-19 04:58:03
(2 hours ago)
Bot / scanning and/or hacking attempts: GET /.env.production.bak HTTP/2.0, GET /actuator/env HTTP/2. ...
show more
Bot / scanning and/or hacking attempts: GET /.env.production.bak HTTP/2.0, GET /actuator/env HTTP/2.0, GET /.env.test HTTP/2.0, GET /.env.staging HTTP/2.0, GET /config.env HTTP/2.0, GET /staging/.env HTTP/2.0, GET /production/.env HTTP/2.0, GET /dev/.env HTTP/2.0, GET /src/.env HTTP/2.0, GET /.env.swp HTTP/2.0, GET /sendgrid.env HTTP/2.0, GET /appsettings.Development.json HTTP/2.0, GET /server/.env HTTP/2.0, GET /gradle.properties HTTP/2.0, GET /docker/.env HTTP/2.0, GET /app/.env HTTP/2.0, GET /.env.development HTTP/2.0, GET /settings.py HTTP/2.0, GET /frontend/.env HTTP/2.0
show less
Hacking
Web App Attack
π©πͺ
Ba-Yu
2026-07-19 04:51:42
(2 hours ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-19 04:36:58
(2 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com ...
show more
(mod_security) mod_security (id:210730) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 00:36:51.312383 2026] [security2:error] [pid 25485:tid 25485] [client 34.40.45.3:59408] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||nhgrange.org|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nhgrange.org"] [uri "/rclone.conf"] [unique_id "alxUY8_ZOzE0qUmsxOasfgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Savvii
2026-07-19 04:35:40
(2 hours ago)
20 attempts against mh-misbehave-ban on ozone
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-19 04:18:52
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com ...
show more
(mod_security) mod_security (id:210492) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 00:18:47.990661 2026] [security2:error] [pid 19142:tid 19159] [client 34.40.45.3:53800] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nicholsinvest.com"] [uri "/.git/config"] [unique_id "alxQJ3dTNVY-SrGFy_DsrgAAAI4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-19 03:57:36
(3 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com ...
show more
(mod_security) mod_security (id:210730) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 23:57:30.170777 2026] [security2:error] [pid 2337830:tid 2337830] [client 34.40.45.3:33898] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nifeconsult.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nifeconsult.com"] [uri "/rclone.conf"] [unique_id "alxLKlUAZKu3EVMjVhpN8AAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-07-19 03:30:13
(3 hours ago)
Excessive multi-domain requests
Brute-Force
πΊπΈ
TPI-Abuse
2026-07-19 03:28:01
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com ...
show more
(mod_security) mod_security (id:210492) triggered by 34.40.45.3 (3.45.40.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 23:27:54.137120 2026] [security2:error] [pid 1237:tid 1237] [client 34.40.45.3:39864] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nldi.us"] [uri "/.git/config"] [unique_id "alxEOq_dlk4D6HLLnELnRAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΈπͺ
vaia.cloud
2026-07-19 03:09:01
(4 hours ago)
trying wp-login.php/xmlrpc.php 36 times in 1 minutes
Brute-Force
Web App Attack