๐ฉ๐ช
raph
2026-06-30 22:32:01
(1 day ago)
[DOT FILES] crawler *.env*, .git*, .config*, etc.
Bad Web Bot
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-06-30 21:33:04
(1 day ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-30 19:50:18
(1 day ago)
104.28.152.246 - - [30/Jun/2026:22:50:16 +0300] "GET /api/.env HTTP/1.1" 404 789 "-" "Mozilla/5.0 (W ...
show more
104.28.152.246 - - [30/Jun/2026:22:50:16 +0300] "GET /api/.env HTTP/1.1" 404 789 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0"
104.28.152.246 - - [30/Jun/2026:22:50:17 +0300] "GET /backend/.env HTTP/1.1" 404 728 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-06-30 12:07:03
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 02:01:32
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 22:01:28.709638 2026] [security2:error] [pid 10927:tid 10927] [client 104.28.152.246:61898] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "monteriggioni.net"] [uri "/.git/HEAD"] [unique_id "akMjeDmEEnsuj8MEnTHSnAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pigro
2026-06-30 01:35:25
(1 day ago)
104.28.152.246 - - [30/Jun/2026:03:35:23 +0200] "GET /app/.npmrc/ HTTP/1.1" 404 2303 "https://smtp.p ...
show more
104.28.152.246 - - [30/Jun/2026:03:35:23 +0200] "GET /app/.npmrc/ HTTP/1.1" 404 2303 "https://smtp.pigro.site/app/.npmrc" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0"
104.28.152.246 - - [30/Jun/2026:03:35:25 +0200] "GET /backend/config.json/ HTTP/1.1" 404 2298 "https://smtp.pigro.site/backend/config.json" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:150.0) Gecko/20100101 Firefox/150.0"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 10:56:38
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 06:56:35.334776 2026] [security2:error] [pid 1009:tid 1009] [client 104.28.152.246:62330] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ocmtx.org"] [uri "/.env.staging"] [unique_id "akJPY0xtW6at8v-DpAeALQAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 09:50:36
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 05:50:30.317812 2026] [security2:error] [pid 9125:tid 9125] [client 104.28.152.246:33337] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bewdleypizza.com"] [uri "/.git/logs/HEAD"] [unique_id "akI_5iAVepkLiDnbDO9uWwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 07:24:16
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 03:24:11.521372 2026] [security2:error] [pid 9743:tid 9743] [client 104.28.152.246:60719] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rasp.oxfordgliding.com"] [uri "/.env.dev"] [unique_id "akIdm0DqouC0l6KpwmpP1AAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 04:39:28
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 00:39:23.620164 2026] [security2:error] [pid 5558:tid 5558] [client 104.28.152.246:61361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sierrafoothillsrealty.georgetownca.com"] [uri "/.env.dev"] [unique_id "akH2-7VkQo8PmBXjM8wSBgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 03:50:08
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 23:50:05.447754 2026] [security2:error] [pid 18227:tid 18227] [client 104.28.152.246:61796] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drowninglovers.com"] [uri "/.env.local.backup"] [unique_id "akHrbTHePbcR_v38EIoO4QAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 02:05:12
(2 days ago)
104.28.152.246 - - [28/Jun/2026:21:03:15 -0500] "GET /.env.copy HTTP/1.1" 403 199 "-" "Mozilla/5.0 ( ...
show more
104.28.152.246 - - [28/Jun/2026:21:03:15 -0500] "GET /.env.copy HTTP/1.1" 403 199 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 104.28.152.246
104.28.152.246 - - [28/Jun/2026:21:03:15 -0500] "GET /.env~ HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15" 104.28.152.246
104.28.152.246 - - [28/Jun/2026:21:03:15 -0500] "GET /.env.production.swp HTTP/1.1" 403 199 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" 104.28.152.246
104.28.152.246 - - [28/Jun/2026:21:03:15 -0500] "GET /.env.production.orig HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" 104.28.152.246
104.28.152.246 - - [28/Jun/2026:21:03:15 -0500] "GET /.env.swp HTTP/1.1" 403 199 "-" "Mozilla/5.0
...
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 00:05:07
(2 days ago)
WAF repeated trigger detected by Fail2Ban
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 22:04:18
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.28.152.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 18:04:14.772816 2026] [security2:error] [pid 15338:tid 15338] [client 104.28.152.246:34278] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cyber507.net"] [uri "/.env.local.copy"] [unique_id "akGaXrenVefq2vHAiYvLhwAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-28 21:24:45
(3 days ago)
(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.28.152.246 (CA/Canada/-): 2 in th ...
show more
(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.28.152.246 (CA/Canada/-): 2 in the last 3600 secs (0-196)
show less
Hacking