๐บ๐ธ
TPI-Abuse
2026-07-17 13:56:17
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:56:13.593828 2026] [security2:error] [pid 793951:tid 793951] [client 120.26.1.196:58796] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kwcccarshow.com"] [uri "/.env.test"] [unique_id "alo0fUmKHSGCEN2dKgtjMgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:27:36
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:27:31.974711 2026] [security2:error] [pid 9140:tid 9140] [client 120.26.1.196:36330] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dougwong.net"] [uri "/.env.dev"] [unique_id "alotw2OQuO9bmECx5dWVwQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:59:11
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:59:06.464636 2026] [security2:error] [pid 24126:tid 24126] [client 120.26.1.196:37862] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "littlebiglebanon.com"] [uri "/.env.bak"] [unique_id "aloZCl596rsnBO8o7-RhYgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:05:37
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:05:33.418564 2026] [security2:error] [pid 603639:tid 603639] [client 120.26.1.196:57178] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "unitymaine.org.picayunity.com"] [uri "/.env.production"] [unique_id "aloMfXL9u4udD8PiqHZ1IAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 06:07:19
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:07:15.277039 2026] [security2:error] [pid 28149:tid 28149] [client 120.26.1.196:34864] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "flugstadcom.xn--lyngr-yua.net"] [uri "/.env"] [unique_id "alnGk-5GyI5jzqlutigMKAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:16:03
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:15:57.488000 2026] [security2:error] [pid 187950:tid 187994] [client 120.26.1.196:50080] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "featherston.ws"] [uri "/.env.old"] [unique_id "almebUG-k92vi38bJtCMHgAAAZY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:44:24
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:44:17.855599 2026] [security2:error] [pid 161129:tid 161129] [client 120.26.1.196:33026] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mahoninginn.com"] [uri "/public/.env"] [unique_id "almXAbIh8R877JPKLoZ07wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-16 22:30:51
(1 day ago)
Try to access /app/.env
Web App Attack
๐ญ๐บ
bcsaba
2026-07-16 22:05:26
(1 day ago)
Probing for .env file:
120.26.1.196 - - [17/Jul/2026:00:05:25 +0200] "GET /.env.development HTTP/1.1 ...
show more
Probing for .env file:
120.26.1.196 - - [17/Jul/2026:00:05:25 +0200] "GET /.env.development HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
show less
Web App Attack
Anonymous
2026-07-16 21:37:30
(1 day ago)
(caddyscan) Scanner path probe from 120.26.1.196 (CN/China/-): 5 in the last 3600 secs; Ports: *; Di ...
show more
(caddyscan) Scanner path probe from 120.26.1.196 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 120.26.1.196 - - [16/Jul/2026:21:37:25 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 120.26.1.196 - - [16/Jul/2026:21:37:26 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 120.26.1.196 - - [16/Jul/2026:21:37:26 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 120.26.1.196 - - [16/Jul/2026:21:37:27 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 120.26.1.196 - - [16/Jul/2026:21:37:27 +0000] "GET /.env.dev HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-16 21:21:05
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:20:58.596653 2026] [security2:error] [pid 23354:tid 23354] [client 120.26.1.196:44140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rpmevolution.com.jemsfood.com"] [uri "/.env.example"] [unique_id "allLOqM2cNhzk7BvhcKH8gAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-16 21:14:45
(1 day ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ต๐ฑ
lns.bz
2026-07-16 21:03:30
(1 day ago)
Web app attack [PL.Lu]
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 19:55:38
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 120.26.1.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:55:31.314387 2026] [security2:error] [pid 3567:tid 3567] [client 120.26.1.196:47300] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luxurymicrobikini.com"] [uri "/.env.example"] [unique_id "alk3MwcJ_AZ7bYZy_5ur3wAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
myip.foo
2026-07-16 19:35:40
(1 day ago)
[myip.foo] 120.26.1.196 - - [16/Jul/2026:19:35:39 +0000] "GET /.env.example HTTP/1.1" 404 151 "-" "M ...
show more
[myip.foo] 120.26.1.196 - - [16/Jul/2026:19:35:39 +0000] "GET /.env.example HTTP/1.1" 404 151 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
show less
Bad Web Bot
Web App Attack