๐บ๐ธ
TPI-Abuse
2026-07-10 04:43:15
(41 minutes ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 00:42:58.811606 2026] [security2:error] [pid 21230:tid 21230] [client 64.112.57.198:40463] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.athletefirst.org"] [uri "/.env.old"] [unique_id "alB4UgSK-UslfSs1bjWrvgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-10 01:28:45
(3 hours ago)
"GET /wp-content/plugins/index.php HTTP/1.1"
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 00:07:33
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 20:07:12.884571 2026] [security2:error] [pid 4526:tid 4526] [client 64.112.57.198:36417] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.teenybikini.com"] [uri "/.env.dev"] [unique_id "alA3sHuB61l1IFRoWoc9bwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 22:23:05
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 18:22:40.469180 2026] [security2:error] [pid 8641:tid 8641] [client 64.112.57.198:33253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiyaplatform.com"] [uri "/.env.bak"] [unique_id "alAfML2zd6WGwMULgGLG2gAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 20:30:51
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 16:30:30.875863 2026] [security2:error] [pid 19068:tid 19068] [client 64.112.57.198:46557] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.creartest.com"] [uri "/.env.prod"] [unique_id "alAE5qBYWGSbyUxB3XQ8VAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ipblock.com
2026-07-09 20:15:00
(9 hours ago)
IPBlock protected site ID [4055-d][s=03].
Persistent 404, vulnerability scanner
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 15:13:38
(14 hours ago)
(mod_security) mod_security (id:212620) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 11:13:20.917132 2026] [security2:error] [pid 26069:tid 26069] [client 64.112.57.198:41203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.albertmassaad.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /medicaldivision/items.php?itemid=24'\\x22><script>alert(68752)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.albertmassaad.com"] [uri "/medicaldivision/items.php"] [unique_id "ak-6kFklcPhUtPu8Es3n5AAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-07-09 08:27:07
(20 hours ago)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 05:06:56
(1 day ago)
(mod_security) mod_security (id:211190) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 01:06:14.350296 2026] [security2:error] [pid 28889:tid 28889] [client 64.112.57.198:46265] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||panierduvillage.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "panierduvillage.com"] [uri "/index.php"] [unique_id "ak8sRngBn252c0RRT1SF-QAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 03:41:34
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:41:23.074386 2026] [security2:error] [pid 26068:tid 26068] [client 64.112.57.198:54779] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "old.renju.net"] [uri "/.env.production"] [unique_id "ak8YY0HlbUUDu0PdayaMOgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 00:00:30
(1 day ago)
(mod_security) mod_security (id:212620) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:212620) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 20:00:14.825862 2026] [security2:error] [pid 22585:tid 22760] [client 64.112.57.198:40773] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||uoexpanse.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /forums/viewtopic.php?f=6'\\x22><script>alert(68752)</script>&t=1229&p=4157&sid=4d12e4ee6300b10a0ae25f5c20770812"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "uoexpanse.com"] [uri "/forums/viewtopic.php"] [unique_id "ak7kjqFwE19mOez4zVdCcAAAAdg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-07-08 23:44:19
(1 day ago)
๐ฅถ Part of a DDoS attack wave
DDoS Attack
๐จ๐ฆ
polycoda
2026-07-08 21:48:26
(1 day ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 19:22:32
(1 day ago)
(mod_security) mod_security (id:220150) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:220150) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 15:22:20.173008 2026] [security2:error] [pid 5234:tid 5234] [client 64.112.57.198:56849] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:union(?:\\\\/\\\\*.{0,399}\\\\*\\\\/)?select)" at ARGS:listingID. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5662"] [id "220150"] [rev "5"] [msg "COMODO WAF: SQL injection vulnerability in Ginkgo CMS 5.0 (CVE-2013-5318)||www.oualierealty.com|F|2"] [data "352')/**/union/**/select/**/null,null,null,null,null,null,null,null,null,null,null,'qscan_union_20_11',null,null,null,null,null,null,null,null--qscan"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.oualierealty.com"] [uri "/index.php"] [unique_id "ak6jbCCVFmU8Jr9t2QAeRwAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 17:32:09
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 64.112.57.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:31:52.227737 2026] [security2:error] [pid 27960:tid 27960] [client 64.112.57.198:55975] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "caferutadelaseda.com"] [uri "/.env.development.local"] [unique_id "ak6JiOucHFAlXCt7LD-MTQAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack