๐ฆ๐บ
paulshipley.com.au
2026-07-09 12:51:12
(6 hours ago)
[Thu Jul 09 22:51:09.248084 2026] [security2:error] [pid 503878] [client 64.112.57.191:48919] [clien ...
show more
[Thu Jul 09 22:51:09.248084 2026] [security2:error] [pid 503878] [client 64.112.57.191:48919] [client 64.112.57.191] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/.env.live"] [unique_id "ak-ZPUqs_3rmyDc6Mu9hgAAAAAM"]
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 10:48:46
(8 hours ago)
(mod_security) mod_security (id:212620) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 06:48:28.233074 2026] [security2:error] [pid 1836:tid 1836] [client 64.112.57.191:34589] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "3"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||thegoldentether.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /board/ucp.php?mode=login'\\x22><script>alert(68752)</script>&redirect=search.php?author_id=9912&sr=posts&sid=e70e073346e3079003afcee2303c0fa8"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "thegoldentether.com"] [uri "/board/ucp.php"] [unique_id "ak98fI7P1jw1SWNMzBbkHQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-09 10:16:00
(8 hours ago)
IPBlock protected site ID [4055-d][s=06].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-07-09 08:27:07
(10 hours ago)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 05:07:04
(13 hours ago)
(mod_security) mod_security (id:211190) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 01:06:14.238890 2026] [security2:error] [pid 22794:tid 22794] [client 64.112.57.191:40621] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||panierduvillage.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "panierduvillage.com"] [uri "/index.php"] [unique_id "ak8sRrPQlw_4ikKQvq6hngAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 03:41:31
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:41:23.073157 2026] [security2:error] [pid 766:tid 766] [client 64.112.57.191:60129] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "old.renju.net"] [uri "/.env.bak"] [unique_id "ak8YY61WUApd21eUisKfAwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 02:04:41
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 22:04:20.870830 2026] [security2:error] [pid 22375:tid 22375] [client 64.112.57.191:41899] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "indieheaven.io"] [uri "/.env.dev.local"] [unique_id "ak8BpLOTCJaYHYA9pslOgwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-07-08 23:43:55
(19 hours ago)
๐ฅถ Part of a DDoS attack wave
DDoS Attack
๐จ๐ฆ
polycoda
2026-07-08 21:48:26
(21 hours ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack