๐บ๐ธ
TPI-Abuse
2026-07-16 18:02:47
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.36 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:02:29.103607 2026] [security2:error] [pid 4551:tid 4551] [client 64.112.56.36:35531] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.r-390a.net"] [uri "/.env.bak"] [unique_id "alkctR2AT_Ziq4D35ky55AAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TheJimmo
2026-07-16 13:46:53
(16 hours ago)
64.112.56.36 64.112.56.36 - - [16/Jul/2026:13:45:34 +0000] "GET /index.php?option=com_multiroot&cont ...
show more
64.112.56.36 64.112.56.36 - - [16/Jul/2026:13:45:34 +0000] "GET /index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 404 13581 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
64.112.56.36 64.112.56.36 - - [16/Jul/2026:13:45:37 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php HTTP/1.1" 404 13491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
64.112.56.36 64.112.56.36 - - [16/Jul/2026:13:45:43 +0000] "POST /wp-login.php HTTP/1.1" 404 13352 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
64.112.56.36 64.112.56.36 - - [16/Jul/2026:13:45:45 +0000] "GET /backend/backend/auth/restore HTTP/1.1" 404 13386 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Appl
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 04:32:11
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.36 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 00:31:51.316757 2026] [security2:error] [pid 22711:tid 22711] [client 64.112.56.36:53545] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.easternimport.com"] [uri "/.env.development.local"] [unique_id "alhet6vwkNHZkrQD_MTZiAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 14:36:45
(1 day ago)
[Drupal AbuseIPDB module] Request path is blacklisted. /wp-admin/admin-ajax.php
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-15 02:36:17
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ฉ๐ช
conseilgouz
2026-07-14 07:04:48
(2 days ago)
vee-12 : Block return, carriage return, ... characters=>/component/weblinks/weblink/43-guide-de-l-au ...
show more
vee-12 : Block return, carriage return, ... characters=>/component/weblinks/weblink/43-guide-de-l-auto?catid=11&Itemid=1029&task=weblink.go'(')
show less
Hacking
๐บ๐ธ
nyt
2026-07-14 04:55:07
(3 days ago)
Path Traversal, Path Traversal
Web App Attack
๐ฉ๐ช
conseilgouz
2026-07-13 16:08:07
(3 days ago)
mae-12 : Block return, carriage return, ... characters=>/index.php?view=article&amp='(')
Hacking
๐ฉ๐ช
conseilgouz
2026-07-13 11:01:03
(3 days ago)
ave-12 : Block return, carriage return, ... characters=>/media/vendor/jquery/js/jquery-noconflict.mi ...
show more
ave-12 : Block return, carriage return, ... characters=>/media/vendor/jquery/js/jquery-noconflict.min.js?3.7.1='(')
show less
Hacking
๐ฉ๐ช
Vegascosmetics
2026-07-13 07:51:21
(3 days ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after suspicious activity. Vegas Security
DDoS Attack
Hacking
Exploited Host
๐ฉ๐ช
conseilgouz
2026-07-11 18:47:29
(5 days ago)
coe-7 : Trying access unauthorized files/dir=>/wp-content/plugins/WordPressCore/
Hacking
๐บ๐ธ
ipblock.com
2026-07-11 17:28:00
(5 days ago)
IPBlock protected site ID [3192-af][s=02].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 10:35:23
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 64.112.56.36 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.56.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 06:35:05.787302 2026] [security2:error] [pid 11317:tid 11337] [client 64.112.56.36:52433] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "volcano-sa.com"] [uri "/.env.dev"] [unique_id "alIcWRJI1kI5yR0x8nZd7wAAARI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-10 11:50:00
(6 days ago)
IPBlock protected site ID [4055-d][s=02].
Persistent 404, vulnerability scanner
Hacking
Bad Web Bot
Web App Attack
๐จ๐ฆ
SSH-Admin
2026-07-10 04:00:04
(1 week ago)
Probing for Exploits on ns200
Exploited Host
Web App Attack