Anonymous
2026-06-28 08:57:14
(1 day ago)
"GET /.env HTTP/1.1"
Hacking
Web App Attack
๐ง๐ท
dominioz
2026-06-28 08:50:27
(1 day ago)
2026-06-28 08:49:59 GET /.env.backup - - 101.99.88.26 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+ ...
show more
2026-06-28 08:49:59 GET /.env.backup - - 101.99.88.26 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5300
2026-06-28 08:49:59 GET /.env.production - - 101.99.88.26 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5308
2026-06-28 08:49:59 GET /.env.local - - 101.99.88.26 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5298
2026-06-28 08:49:59 GET /.env.prod - - 101.99.88.26 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5296
...
show less
Web App Attack
๐ซ๐ท
Baking333
2026-06-28 08:46:00
(1 day ago)
[redacted] 101.99.88.26 - - [28/Jun/2026:09:45:58 +0100] "GET /.[redacted] HTTP/1.1" 302 1553 0/7622 ...
show more
[redacted] 101.99.88.26 - - [28/Jun/2026:09:45:58 +0100] "GET /.[redacted] HTTP/1.1" 302 1553 0/76221 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 101.99.88.26 - - [28/Jun/2026:09:45:58 +0100] "GET /.[redacted] HTTP/1.1" 302 1553 0/106668 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 08:35:47
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 101.99.88.26 (server1.kamon.la): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 101.99.88.26 (server1.kamon.la): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 04:35:39.746491 2026] [security2:error] [pid 11817:tid 11817] [client 101.99.88.26:52348] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cgautomatizacion.com"] [uri "/.env.backup"] [unique_id "akDc2-PACJ8k-B5EJhvqUwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2026-06-28 08:30:03
(1 day ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
Anonymous
2026-06-28 08:24:39
(1 day ago)
Aggressive web scan
Web App Attack
๐บ๐ธ
Penny Packer
2026-06-28 08:19:41
(1 day ago)
Fail2Ban apache-tripwires
Web App Attack
๐ฉ๐ช
Phenix Info
2026-06-28 08:18:45
(1 day ago)
SmallGuard.fr/Prestashop Forbidden Ext.
Web App Attack
๐ญ๐บ
bcsaba
2026-06-28 08:03:37
(1 day ago)
Probing for .env file:
101.99.88.26 - - [28/Jun/2026:10:03:36 +0200] "GET /.env HTTP/1.1" 403 548 "- ...
show more
Probing for .env file:
101.99.88.26 - - [28/Jun/2026:10:03:36 +0200] "GET /.env HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Web App Attack
๐ฎ๐ฉ
Burayot
2026-06-28 08:03:07
(1 day ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 101.99.88.26 (MY/Malaysia/server1.ka ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 101.99.88.26 (MY/Malaysia/server1.kamon.la): 2 in the last 3600 secs
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 08:02:35
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 101.99.88.26 (server1.kamon.la): 1 in the last ...
show more
(mod_security) mod_security (id:210492) triggered by 101.99.88.26 (server1.kamon.la): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 04:02:29.718474 2026] [security2:error] [pid 2062:tid 2062] [client 101.99.88.26:59618] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "babylontravelone.com"] [uri "/.env.prod"] [unique_id "akDVFQsQCA_tgkPfVxzSUQAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-28 08:00:47
(1 day ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
xpto
2026-06-28 07:47:45
(1 day ago)
Blocked for probing for web application vulnerabilities
Web App Attack
๐บ๐ธ
helios.live
2026-06-28 07:45:47
(1 day ago)
2026/06/28 07:45:47 [error] 2255725#2255725: *48514 access forbidden by rule, client: 101.99.88.26, ...
show more
2026/06/28 07:45:47 [error] 2255725#2255725: *48514 access forbidden by rule, client: 101.99.88.26, server: kocerroxy.com, request: "GET /.env.backup HTTP/1.1", host: "app.kocerroxy.com"
2026/06/28 07:45:47 [error] 2255725#2255725: *48514 access forbidden by rule, client: 101.99.88.26, server: kocerroxy.com, request: "GET /.env.prod HTTP/1.1", host: "app.kocerroxy.com"
2026/06/28 07:45:47 [error] 2255725#2255725: *48514 access forbidden by rule, client: 101.99.88.26, server: kocerroxy.com, request: "GET /.env.production HTTP/1.1", host: "app.kocerroxy.com"
2026/06/28 07:45:47 [error] 2255725#2255725: *48514 access forbidden by rule, client: 101.99.88.26, server: kocerroxy.com, request: "GET /.env.local HTTP/1.1", host: "app.kocerroxy.com"
2026/06/28 07:45:47 [error] 2255725#2255725: *48514 access forbidden by rule, client: 101.99.88.26, server: kocerroxy.com, request: "GET /.env.save HTTP/1.1", host: "app.kocerroxy.com"
...
show less
Web App Attack
๐บ๐ธ
ANTI SCANNER
2026-06-28 07:42:41
(1 day ago)
Scanner : /.env.save
Web Spam