๐บ๐ธ
ruusvuu
2026-07-19 06:53:22
(22 minutes ago)
Automated abuse report: 25 attack/probe requests from Google LLC / GB.
Targeted paths: /wp-json, /se ...
show more
Automated abuse report: 25 attack/probe requests from Google LLC / GB.
Targeted paths: /wp-json, /secrets.json, /secrets.yml, /docker-compose.yaml, /.npmrc.
Sample log lines:
[mart] ๐ 7/18/2026, 23:53:19 34.89.2.121 GET /id_ed25519 404 - 0.871 ms ref="-"
[mart] ๐ 7/18/2026, 23:53:20 34.89.2.121 POST /v1/graphql 404 - 1.295 ms ref="-"
[mart] ๐ 7/18/2026, 23:53:20 34.89.2.121 GET /.continue/config.json 404 - 0.980 ms ref="-"
Detected by an automated web-server log monitor.
show less
Web App Attack
๐ฎ๐ณ
evicky2002
2026-07-19 06:00:00
(1 hour ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ฉ๐ช
Sรฉfora Srl
2026-07-19 05:03:32
(2 hours ago)
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ...
show more
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-19 04:27:48
(2 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:210730) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 00:27:42.986091 2026] [security2:error] [pid 2129966:tid 2129966] [client 34.89.2.121:33262] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mthompson-business-services.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mthompson-business-services.com"] [uri "/z9x8c7v6b5-debug-trigger-mthompson-business-services.com"] [unique_id "alxSPgq5YrqIvjZcyz0qrwAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-19 03:30:02
(3 hours ago)
trying wp-login.php/xmlrpc.php 36 times in 1 minutes
Brute-Force
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-19 03:22:31
(3 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 03:22:25
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:210492) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 23:22:21.374251 2026] [security2:error] [pid 26574:tid 26574] [client 34.89.2.121:44350] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mqyr.com"] [uri "/backend/.env"] [unique_id "alxC7e8TU085iA7VxcwF_QAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 02:54:59
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:210492) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 22:54:55.614095 2026] [security2:error] [pid 4121:tid 4121] [client 34.89.2.121:41996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "musicwithsteve.com"] [uri "/.env"] [unique_id "alw8f3eRjpInHWaz5atUYQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-07-19 02:54:50
(4 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ณ๐ฑ
WeCloudit-Anti-Abuse
2026-07-19 02:18:28
(4 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
mnsf
2026-07-19 02:06:09
(5 hours ago)
Too many Status 40X (28)
Scanning/Probing (24)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 02:03:07
(5 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:210730) triggered by 34.89.2.121 (121.2.89.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 22:02:58.976186 2026] [security2:error] [pid 1353731:tid 1353731] [client 34.89.2.121:34844] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||mw-creations.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mw-creations.com"] [uri "/z9x8c7v6b5-debug-trigger-mw-creations.com"] [unique_id "alwwUuphMhfhM5rTHgxlMgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-07-19 02:02:35
(5 hours ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ธ
Matthew Ping
2026-07-19 01:45:02
(5 hours ago)
ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
๐ณ๐ฑ
Roderic
2026-07-19 01:43:53
(5 hours ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted])
Bad Web Bot