Anonymous
2026-07-17 00:06:15
(53 minutes ago)
Trying to access config files
Web App Attack
π«π·
dynamix
2026-07-16 23:43:54
(1 hour ago)
Multiple WAF Violations
Web App Attack
π³π±
homeshowdomain.nl
2026-07-16 22:03:03
(2 hours ago)
Auto-ban: >3000 req/min op 2026-07-16
Web App Attack
SSH
Hacking
πΊπΈ
TPI-Abuse
2026-07-16 21:53:24
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:53:20.311959 2026] [security2:error] [pid 534255:tid 534255] [client 43.161.255.81:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.dentguyvt.com"] [uri "/.env.backup"] [unique_id "allS0FKcw4sh_5Tdx4ARdgAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 20:50:19
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:50:12.978430 2026] [security2:error] [pid 13051:tid 13051] [client 43.161.255.81:38558] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.xmas.martinka.org"] [uri "/.env.prod"] [unique_id "allEBBt0RkhodHHE6EDMpgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 20:06:59
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:05:14.428172 2026] [security2:error] [pid 19963:tid 19963] [client 43.161.255.81:56536] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bradmackenzie.com"] [uri "/.env.tmp"] [unique_id "alk5evHug8oq0EZyTp6QKgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 19:47:43
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:47:39.237646 2026] [security2:error] [pid 19419:tid 19419] [client 43.161.255.81:51654] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "slattery-law.com"] [uri "/.env.example"] [unique_id "alk1WxEDhTWFfm6898v5jwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 19:24:38
(5 hours ago)
Multiple web server 400 error codes from same source ip
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 18:47:39
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:47:23.380958 2026] [security2:error] [pid 29586:tid 29586] [client 43.161.255.81:34182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.iostation.kleens-uk.com"] [uri "/.env"] [unique_id "alknO6B2N5UbsE2l38ABHAAAACM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 18:19:36
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:19:31.695149 2026] [security2:error] [pid 10786:tid 10786] [client 43.161.255.81:32898] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hl-re.com"] [uri "/.env.development"] [unique_id "alkgsy7TdwPSy7IUKICnMwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
nyt
2026-07-16 18:05:50
(6 hours ago)
Sensitive File Probe, Accessing config file, likely probing for vulnerabilities.
Web App Attack
Anonymous
2026-07-16 17:56:24
(7 hours ago)
Web application exploitation attempts blocked at the web server edge
Web App Attack
Anonymous
2026-07-16 17:54:38
(7 hours ago)
(caddyscan) Scanner path probe from 43.161.255.81 (HK/Hong Kong/-): 5 in the last 3600 secs; Ports: ...
show more
(caddyscan) Scanner path probe from 43.161.255.81 (HK/Hong Kong/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 43.161.255.81 - - [16/Jul/2026:17:54:29 +0000] "GET /root/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 43.161.255.81 - - [16/Jul/2026:17:54:29 +0000] "GET /home/ubuntu/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 43.161.255.81 - - [16/Jul/2026:17:54:29 +0000] "GET /home/ec2-user/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 43.161.255.81 - - [16/Jul/2026:17:54:30 +0000] "GET /home/node/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 43.161.255.81 - - [16/Jul/2026:17:54:33 +0000] "GET /.env.vault HTTP/1.1"
show less
Port Scan
πΊπΈ
TPI-Abuse
2026-07-16 17:44:12
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:43:59.971198 2026] [security2:error] [pid 13234:tid 13281] [client 43.161.255.81:55374] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.clientes.despachosyoficinas.com"] [uri "/.env.example"] [unique_id "alkYX2JsOKpnnDkB0xUrNwAAAQw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 17:27:41
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.255.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:27:25.955622 2026] [security2:error] [pid 2175:tid 2175] [client 43.161.255.81:54052] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jpwatters.info.jpwatters.net"] [uri "/.env.production"] [unique_id "alkUfZJWoEpJq_z5CUvuUAAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack