Anonymous
2026-07-17 17:35:12
(1 day ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-07-17 16:23:15
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 12:23:11.508760 2026] [security2:error] [pid 645411:tid 645411] [client 113.108.8.199:60187] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tangastarot.okwellbeing.com"] [uri "/.env.dev"] [unique_id "alpW75stamNoE_wDCWKg9gAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:40:24
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:40:15.712524 2026] [security2:error] [pid 21680:tid 21680] [client 113.108.8.199:46273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "peaksalesnw.com"] [uri "/.env"] [unique_id "alowv4t34IT477clB1CGCgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:08:47
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:08:41.308773 2026] [security2:error] [pid 874626:tid 874647] [client 113.108.8.199:51268] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "magazineofwallstreet.com"] [uri "/.env"] [unique_id "aloNOfbP9T8vCu_QvDeJIgAAAFM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 08:25:12
(2 days ago)
(caddyscan) Scanner path probe from 113.108.8.199 (CN/China/-): 5 in the last 3600 secs; Ports: *; D ...
show more
(caddyscan) Scanner path probe from 113.108.8.199 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 113.108.8.199 - - [17/Jul/2026:08:25:04 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 113.108.8.199 - - [17/Jul/2026:08:25:05 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 113.108.8.199 - - [17/Jul/2026:08:25:06 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 113.108.8.199 - - [17/Jul/2026:08:25:07 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 113.108.8.199 - - [17/Jul/2026:08:25:07 +0000] "GET /.env.dev HTTP/1.1"
show less
Port Scan
๐ฉ๐ช
wpadm4
2026-07-17 08:01:38
(2 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:50:35
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:50:29.125331 2026] [security2:error] [pid 406968:tid 406968] [client 113.108.8.199:59426] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mangamaster.hongkonger.org"] [uri "/client/.env"] [unique_id "alnexUuRTNvHUVMpU0ElogAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-17 06:44:54
(2 days ago)
Try to access /.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 06:06:44
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:06:38.105264 2026] [security2:error] [pid 27652:tid 27652] [client 113.108.8.199:52810] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lanuevaley.com"] [uri "/.env"] [unique_id "alnGbj_jXxiEMW-eODkqfAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-17 05:32:50
(2 days ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:57:16
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:57:11.481469 2026] [security2:error] [pid 25092:tid 25092] [client 113.108.8.199:45262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stoneageartifacts.com"] [uri "/.env"] [unique_id "almaByCkVheHzJfH00KzJgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:38:09
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 113.108.8.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:38:04.222577 2026] [security2:error] [pid 28151:tid 28151] [client 113.108.8.199:39438] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwars.net"] [uri "/.env.save"] [unique_id "almVjE7UgEYPWQvKl_L0QAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
Valhalla
2026-07-17 01:14:47
(2 days ago)
/config
Hacking
Web App Attack
๐ฏ๐ต
S.O.B.A. Dev.
2026-07-17 00:54:21
(2 days ago)
Web vulnerability scanning
Brute-Force
Web Spam
Web App Attack
Anonymous
2026-07-16 23:45:53
(2 days ago)
(mod_security) mod_security triggered on hostname [redacted] 113.108.8.199 (CN/China/-)
SQL Injection