๐บ๐ธ
TPI-Abuse
2026-07-10 04:43:16
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 00:42:56.566016 2026] [security2:error] [pid 30306:tid 30306] [client 64.112.57.177:48451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.athletefirst.org"] [uri "/.env.backup"] [unique_id "alB4UPDqwE0FplbyZY_jZgAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 02:44:07
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 22:43:43.964693 2026] [security2:error] [pid 17333:tid 17333] [client 64.112.57.177:37845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.10bestcountryclubs.com"] [uri "/.env"] [unique_id "alBcX3f2KUrmuGQqOlZQDgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ฐ
ScamAware
2026-07-09 22:35:49
(8 hours ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ...
show more
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 2. Unique request paths counted internally: 2. Cloudflare action: block. Cloudflare source: firewallCustom.
show less
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-09 20:15:00
(11 hours ago)
IPBlock protected site ID [4055-d][s=02].
Persistent 404, vulnerability scanner
Hacking
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-07-09 17:21:01
(14 hours ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-09 13:14:26
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 09:14:18.150856 2026] [security2:error] [pid 29266:tid 29266] [client 64.112.57.177:42341] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mathewsdental.com"] [uri "/.env.dev.local"] [unique_id "ak-eqv1ofCDrCP02unnSpQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-07-09 12:51:13
(18 hours ago)
[Thu Jul 09 22:51:09.255467 2026] [security2:error] [pid 516196] [client 64.112.57.177:36409] [clien ...
show more
[Thu Jul 09 22:51:09.255467 2026] [security2:error] [pid 516196] [client 64.112.57.177:36409] [client 64.112.57.177] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/.env.production.local"] [unique_id "ak-ZPQenA5WHCNbloQacrwAAAAc"]
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 00:14:48
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 20:14:29.223052 2026] [security2:error] [pid 22586:tid 22723] [client 64.112.57.177:45881] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uoexpanse.com"] [uri "/.env"] [unique_id "ak7n5Tw4QkHDayvGJQh-XgAAAg8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-07-08 23:43:20
(1 day ago)
๐ฅถ Part of a DDoS attack wave
DDoS Attack
๐จ๐ฆ
polycoda
2026-07-08 21:48:26
(1 day ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack
๐ฌ๐ง
AvonleaConsulting
2026-07-08 19:35:45
(1 day ago)
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
Bad Web Bot
Web App Attack