๐บ๐ธ
TPI-Abuse
2026-07-11 11:59:00
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 07:58:45.064248 2026] [security2:error] [pid 16335:tid 16335] [client 64.112.57.196:54077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiyaplatform.com"] [uri "/.env.save"] [unique_id "alIv9cry0B7F78I9qvqL2QAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-10 16:36:00
(22 hours ago)
IPBlock protected site ID [4055-d][s=06].
Persistent 404, vulnerability scanner
Hacking
Bad Web Bot
Web App Attack
Anonymous
2026-07-10 16:11:06
(22 hours ago)
[10/Jul/2026:19:10:29 +0300] 178369982953.469686 64.112.57.196 32865 148.251.76.218 443
[10/Jul/2026 ...
show more
[10/Jul/2026:19:10:29 +0300] 178369982953.469686 64.112.57.196 32865 148.251.76.218 443
[10/Jul/2026:19:11:05 +0300] 178369986580.682888 64.112.57.196 55263 148.251.76.218 443
show less
Web App Attack
Anonymous
2026-07-10 14:45:18
(1 day ago)
Attempting WordPress exploit (/wp-content/plugins/WordPressCore/)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 00:04:36
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 20:04:17.660384 2026] [security2:error] [pid 17565:tid 17565] [client 64.112.57.196:44701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thegoldentether.com"] [uri "/.env.bak"] [unique_id "alA3ARFQO5HbvtXV2IeUFgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 23:00:23
(1 day ago)
suspicious request in access.log
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 20:30:53
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 16:30:30.876004 2026] [security2:error] [pid 19069:tid 19069] [client 64.112.57.196:45083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.creartest.com"] [uri "/.env.prod.local"] [unique_id "alAE5m0yVgI67UWsxKBBFwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
MacLotsen
2026-07-09 20:13:15
(1 day ago)
Violated robots.txt
Web Spam
๐ณ๐ด
jad-abuse
2026-07-09 19:48:41
(1 day ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. Observed by 1 sensor(s); 1 hits.
show less
Brute-Force
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-09 17:58:00
(1 day ago)
IPBlock protected site ID [4055-d][s=01].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-07-09 06:36:00
(2 days ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-09 03:41:32
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:41:23.072572 2026] [security2:error] [pid 26067:tid 26067] [client 64.112.57.196:43367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "old.renju.net"] [uri "/.env.prod"] [unique_id "ak8YY_oI3TAMTDKQTIbv1QAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 00:00:30
(2 days ago)
(mod_security) mod_security (id:212620) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 64.112.57.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 20:00:14.840501 2026] [security2:error] [pid 22585:tid 22744] [client 64.112.57.196:38865] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||uoexpanse.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /forums/viewtopic.php?f=6&t=1229'\\x22><script>alert(68752)</script>&p=4157&sid=4d12e4ee6300b10a0ae25f5c20770812"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "uoexpanse.com"] [uri "/forums/viewtopic.php"] [unique_id "ak7kjqFwE19mOez4zVdCcgAAAcg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-07-08 23:44:15
(2 days ago)
๐ฅถ Part of a DDoS attack wave
DDoS Attack
๐จ๐ฆ
polycoda
2026-07-08 21:48:26
(2 days ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack