Anonymous
2026-06-13 16:32:56
(2 weeks ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 14:53:08
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 10:53:04.430213 2026] [security2:error] [pid 1766:tid 1778] [client 34.76.146.200:41774] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||coheteverde.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "coheteverde.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai1u0OV514EO4NLS50idoAAAAMc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
todix
2026-06-13 14:36:18
(2 weeks ago)
WebAttack or semilar from 34.76.146.200
Web App Attack
๐ฌ๐ง
Celtic
2026-06-13 11:56:29
(2 weeks ago)
Blocked by Fail2Ban with Jail (plesk-modsecurity)
Brute-Force
SSH
๐จ๐ฆ
polycoda
2026-06-13 11:50:01
(2 weeks ago)
AutoBlock: ๐ฏ Vulnerability Scanner (Non Decay-Based) - โ๏ธ Configuration File Access (Non Decay-Based ...
show more
AutoBlock: ๐ฏ Vulnerability Scanner (Non Decay-Based) - โ๏ธ Configuration File Access (Non Decay-Based)
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 10:42:18
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 06:42:11.958221 2026] [security2:error] [pid 8808:tid 8808] [client 34.76.146.200:42730] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.renomarsh.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.renomarsh.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai00A2wcXCPE7uR_OK8dCQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 10:11:28
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 06:11:22.157673 2026] [security2:error] [pid 10727:tid 10727] [client 34.76.146.200:52494] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.plumeriatc.org|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.plumeriatc.org"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai0syl9zU0RIcDLqnHT2zAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-13 10:03:51
(2 weeks ago)
Excessive multi-domain requests
Brute-Force
๐ซ๐ท
dynamix
2026-06-13 09:36:17
(2 weeks ago)
Multiple WAF Violations
Web App Attack
๐ซ๐ท
Octopuce
2026-06-13 08:56:22
(2 weeks ago)
Aggressive web search of vulnerable pages: /db.sql.gz /backup.tar.gz /db.zip /api/database.yml /dump ...
show more
Aggressive web search of vulnerable pages: /db.sql.gz /backup.tar.gz /db.zip /api/database.yml /dump.zip ...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 08:46:41
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210730) triggered by 34.76.146.200 (200.146.76.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 04:46:34.057255 2026] [security2:error] [pid 18501:tid 18525] [client 34.76.146.200:59982] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cwpianolessons.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cwpianolessons.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ai0Y6obiSznEnxOBJwv8_wAAAVY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-13 08:06:13
(2 weeks ago)
Bot / seems abusive / Apache connections: 115
DDoS Attack
Web Spam
Bad Web Bot
Web App Attack
๐ซ๐ท
Hostynet
2026-06-13 07:53:43
(2 weeks ago)
TCP SYN flood detected by MikroTik RouterOS filter (sustained half-open connection rate from single ...
show more
TCP SYN flood detected by MikroTik RouterOS filter (sustained half-open connection rate from single source). Source automatically blacklisted.
show less
DDoS Attack
Anonymous
2026-06-13 07:44:41
(2 weeks ago)
(caddyscan) Scanner path probe from 34.76.146.200 (BE/Belgium/200.146.76.34.bc.googleusercontent.com ...
show more
(caddyscan) Scanner path probe from 34.76.146.200 (BE/Belgium/200.146.76.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.76.146.200 - - [13/Jun/2026:07:44:39 +0000] "GET /app/actuator/heapdump HTTP/1.1"
[REDACTED] 200 2627 34.76.146.200 - - [13/Jun/2026:07:44:38 +0000] "GET /app/actuator/env HTTP/1.1"
[REDACTED] 200 2627 34.76.146.200 - - [13/Jun/2026:07:44:39 +0000] "GET /actuator/heapdump HTTP/1.1"
[REDACTED] 200 2627 34.76.146.200 - - [13/Jun/2026:07:44:39 +0000] "GET /actuator/env HTTP/1.1"
[REDACTED] 200 2627 34.76.146.200 - - [13/Jun/2026:07:44:39 +0000] "GET /app/actuator/logfile HTTP/1.1"
show less
Port Scan
๐บ๐ธ
wordpresshosting.solutions
2026-06-13 06:41:27
(2 weeks ago)
Web app vulnerability scanning detected. Evidence: 34.76.146.200 - - [13/Jun/2026:06:41:27 +0000] "G ...
show more
Web app vulnerability scanning detected. Evidence: 34.76.146.200 - - [13/Jun/2026:06:41:27 +0000] "GET /config/.aws/credentials HTTP/1.1" 404 6451 "-" "HTC_Dream Mozilla/5.0 (Linux; U; Android 1.5; en-ca; Build/CUPCAKE) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1"
34.76.146.200 - - [13/Jun/2026:06:41:27 +0000] "GET /profiler/phpinfo HTTP/1.1" 404 6451 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.35 Safari/537.36"
show less
Web App Attack