Anonymous
2026-07-09 23:50:04
(1 week ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, POST / HTTP/1.1
Hacking
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-07-08 11:49:12
(1 week ago)
Bad bot ignoring robot.txt
Bad Web Bot
๐ฉ๐ช
Gwyneth Llewelyn
2026-07-08 11:01:11
(1 week ago)
107.182.130.84 - - [08/Jul/2026:12:01:09 +0100] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux ...
show more
107.182.130.84 - - [08/Jul/2026:12:01:09 +0100] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30"
2026/07/08 12:01:10 [error] 2215#2215: *1381297 access forbidden by rule, client: 107.182.130.84, server: [redacted], request: "GET /.env HTTP/1.1", host: "[redacted]"
107.182.130.84 - - [08/Jul/2026:12:01:10 +0100] "GET /.env HTTP/1.1" 403 1178 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 10:18:16
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 06:18:09.311232 2026] [security2:error] [pid 27343:tid 27343] [client 107.182.130.84:61450] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.43"] [uri "/.env"] [unique_id "ak4j4QImDC_EzO3lY2pY2AAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 10:02:09
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 06:02:03.802664 2026] [security2:error] [pid 31575:tid 31575] [client 107.182.130.84:56055] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.46"] [uri "/.env"] [unique_id "ak4gG3_uGSEpWpKhTstFdQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
Starburst SysOp Team
2026-07-08 09:37:36
(1 week ago)
Host header is a numeric IP address. Pattern match "(?:^( (920350-syd2-4)
Hacking
Bad Web Bot
๐ฎ๐ช
AutosOnShow
2026-07-08 09:34:05
(1 week ago)
blocked for webapp attack | path requested: /.env | seen at 2026-07-08 09:33:10.549 |
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-08 05:33:29
(1 week ago)
This IP was detected by CrowdSec triggering crowdsecurity/CVE-2017-9841
Web App Attack
Anonymous
2026-07-08 05:01:43
(1 week ago)
<jail> banned by fail2ban
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 04:01:28
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 00:01:23.549459 2026] [security2:error] [pid 4612:tid 4612] [client 107.182.130.84:52871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.220"] [uri "/.env"] [unique_id "ak3Lk32fCUHcdduU80YV9QAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Ano_Nym
2026-07-08 00:48:29
(1 week ago)
CrowdSec IDS alert on VPS 217.154.115.19 (DE). Scenario: crowdsecurity/CVE-2017-9841
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-08 00:18:28
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 107.182.130.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 20:18:21.826608 2026] [security2:error] [pid 15466:tid 15572] [client 107.182.130.84:62727] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.123"] [uri "/.env"] [unique_id "ak2XTYdLA48Q3LJna3xbTQAAAhA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Gwyneth Llewelyn
2026-07-07 23:29:50
(1 week ago)
107.182.130.84 - - [08/Jul/2026:00:29:47 +0100] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; ...
show more
107.182.130.84 - - [08/Jul/2026:00:29:47 +0100] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
2026/07/08 00:29:48 [error] 2215#2215: *1263792 access forbidden by rule, client: 107.182.130.84, server: [redacted], request: "GET /.env HTTP/1.1", host: "[redacted]"
107.182.130.84 - - [08/Jul/2026:00:29:48 +0100] "GET /.env HTTP/1.1" 403 1178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
show less
Brute-Force
Web App Attack
๐ซ๐ท
Octopuce
2026-07-07 21:34:26
(1 week ago)
Aggressive web search of vulnerable pages: /backup.tar.gz /admin/config.php /database.yml /config/da ...
show more
Aggressive web search of vulnerable pages: /backup.tar.gz /admin/config.php /database.yml /config/database.yml /app/config/parameters.php /typo ...
show less
Web App Attack
๐ฎ๐ช
AutosOnShow
2026-07-07 19:09:04
(1 week ago)
blocked for webapp attack | path requested: /.env | seen at 2026-07-07 19:08:41.469 |
Web App Attack