๐จ๐ฟ
ptlab
2026-07-11 22:45:48
(6 hours ago)
Detected php_null_array_access attack from WP-host.
Hacking
Web App Attack
๐ซ๐ท
conseilgouz
2026-07-11 18:47:52
(10 hours ago)
loe-7 : Trying access unauthorized files/dir=>/wp-content/plugins/dummyyummy/wp-signup.php
Hacking
๐บ๐ธ
ipblock.com
2026-07-11 17:25:00
(11 hours ago)
IPBlock protected site ID [4055-d][s=07].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 10:35:19
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 06:35:05.783087 2026] [security2:error] [pid 28700:tid 28703] [client 64.112.56.35:60429] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "volcano-sa.com"] [uri "/.env.bak"] [unique_id "alIcWW7DfA0YYft9JXi3WAAAAEE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-10 11:50:00
(1 day ago)
IPBlock protected site ID [4055-d][s=03].
Persistent 404, vulnerability scanner
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 00:07:30
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 20:07:12.881419 2026] [security2:error] [pid 16782:tid 16782] [client 64.112.56.35:41279] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.teenybikini.com"] [uri "/.env.prod.local"] [unique_id "alA3sCx80kCiAkX0-y2hwQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 23:00:20
(2 days ago)
suspicious request in access.log
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 22:23:09
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 18:22:40.464379 2026] [security2:error] [pid 29414:tid 29414] [client 64.112.56.35:37297] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiyaplatform.com"] [uri "/.env.development.local"] [unique_id "alAfMD5YO7jNUdnu7YggNgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-09 17:58:00
(2 days ago)
IPBlock protected site ID [4055-d][s=07].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 12:56:22
(2 days ago)
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show more
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in printer-friendly.asp
show less
Exploited Host
Bad Web Bot
๐จ๐ญ
backslash
2026-07-09 08:27:06
(2 days ago)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 03:16:43
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:16:25.693338 2026] [security2:error] [pid 17343:tid 17343] [client 64.112.56.35:39931] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kountz.org"] [uri "/.env.prod.local"] [unique_id "ak8SiY4eflV5IrmeIVxj4AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 00:14:48
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 20:14:29.198008 2026] [security2:error] [pid 22583:tid 22669] [client 64.112.56.35:46469] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uoexpanse.com"] [uri "/.env.dev.local"] [unique_id "ak7n5UnuFoTeINr19w4U8QAAAVA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-07-08 23:40:47
(3 days ago)
๐ฅถ Part of a DDoS attack wave
DDoS Attack
๐จ๐ฆ
polycoda
2026-07-08 21:48:26
(3 days ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack