Anonymous
2026-07-16 11:41:03
(10 minutes ago)
Bot / scanning and/or hacking attempts: GET /backend/.git/HEAD HTTP/1.1, GET /public/.git/HEAD HTTP/ ...
show more
Bot / scanning and/or hacking attempts: GET /backend/.git/HEAD HTTP/1.1, GET /public/.git/HEAD HTTP/1.1, GET /src/.git/HEAD HTTP/1.1, GET /.env.production HTTP/1.1
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 11:09:03
(42 minutes ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 07:08:57.729862 2026] [security2:error] [pid 17396:tid 17396] [client 104.223.85.144:43024] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dojaservices.com.disenowebprofesional.com"] [uri "/.env"] [unique_id "ali7yeMoT4LkzgtunSuCcgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-16 10:17:04
(1 hour ago)
BAD BOT - Detected and Blocked.. Matched phrase "ccbot" at REQUEST_HEADERS:user-agent. (1100000-196)
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-16 09:52:32
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 05:52:27.477684 2026] [security2:error] [pid 24423:tid 24423] [client 104.223.85.144:59686] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rocketcityhotwheelers.com"] [uri "/.env"] [unique_id "alip26TflKIATaZSUd0k8QAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 08:10:48
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 04:10:44.052996 2026] [security2:error] [pid 28429:tid 28429] [client 104.223.85.144:44010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.nathangoldsteinartist.com"] [uri "/.env"] [unique_id "aliSBH5cd5fAM5Qdh2B4HQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Baking333
2026-07-16 07:28:35
(4 hours ago)
[redacted] 104.223.85.144 - - [16/Jul/2026:08:28:32 +0100] "GET /.[redacted] HTTP/2.0" 301 299 "http ...
show more
[redacted] 104.223.85.144 - - [16/Jul/2026:08:28:32 +0100] "GET /.[redacted] HTTP/2.0" 301 299 "https://[redacted]/.[redacted]" "Mozilla/5.0 (compatible; bingbot/2.0; +http://[redacted]/[redacted])" [redacted] 104.223.85.144 - - [16/Jul/2026:08:28:32 +0100] "GET /.[redacted] HTTP/2.0" 301 156 "https://[redacted]/.[redacted]" "Mozilla/5.0 (compatible; GoogleOther; +https://[redacted]/search/)"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 07:21:39
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:21:33.924233 2026] [security2:error] [pid 23307:tid 23307] [client 104.223.85.144:42708] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.levaraluxe.com.artizandecor.com"] [uri "/.env"] [unique_id "aliGfZljCsSc8kp8kjCyXwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 07:06:22
(4 hours ago)
$f2bV_matches
Brute-Force
๐ฉ๐ช
ut-addicted.com
2026-07-16 05:55:58
(5 hours ago)
\[Thu Jul 16 07:55:57.786173 2026\] \[:error\] \[pid 17238:tid 139785842702080\] \[client 104.223.85 ...
show more
\[Thu Jul 16 07:55:57.786173 2026\] \[:error\] \[pid 17238:tid 139785842702080\] \[client 104.223.85.144:33006\] \[client 104.223.85.144\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "mail.ut-addicted.com"\] \[uri "/.env"\] \[unique_id "alhybT9m8KFXW8SMb1XsGwAAAUY"\]
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 05:29:41
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:29:36.151125 2026] [security2:error] [pid 2306291:tid 2306291] [client 104.223.85.144:44446] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.debzy.com"] [uri "/.env"] [unique_id "alhsQPhsi-s2i8-Qo-VuQgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 04:51:51
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 00:51:46.214102 2026] [security2:error] [pid 25908:tid 25908] [client 104.223.85.144:34326] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.frenchla.com"] [uri "/.env.local"] [unique_id "alhjYoNJ7308Zc2m1PiuOgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐ฝ
octageeks.com
2026-07-16 04:35:04
(7 hours ago)
Wordpress malicious attack:[octablocked]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 04:35:01
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.223.85.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 00:34:53.380411 2026] [security2:error] [pid 13384:tid 13430] [client 104.223.85.144:44912] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ic1philippines.com"] [uri "/.env"] [unique_id "alhfbSdb_8apb-MJH3BewwAAAMg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
IVski
2026-07-16 04:12:18
(7 hours ago)
IVski WAF | Sensitive file probe detected - looking for .env
Port Scan
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-07-16 03:38:44
(8 hours ago)
Restricted File Access Attempt. Matched phrase "/.env" at REQUEST_FILENAME. (930130-135)
Hacking
Web App Attack