๐บ๐ธ
kosada.com
2026-07-10 01:59:56
(4 days ago)
Web vulnerability probing: /.env (bogus vhost/SNI)
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-09 22:00:59
(4 days ago)
Auto-ban: >3000 req/min op 2026-07-09
Web App Attack
SSH
Hacking
๐บ๐ธ
Starburst SysOp Team
2026-07-09 11:21:23
(4 days ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-mnz6-1)
Hacking
Web App Attack
๐ง๐ท
Halux
2026-07-09 08:15:55
(5 days ago)
130.51.23.89 Probing protected path or service
Web App Attack
๐ฌ๐ง
thetomtaylor.co.uk
2026-07-09 00:07:02
(5 days ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx02,mx03,w ...
show more
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx02,mx03,wa02]
show less
Bad Web Bot
Web App Attack
๐ฌ๐ง
thetomtaylor.co.uk
2026-07-08 22:07:01
(5 days ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [mx01,wa01]
Bad Web Bot
Web App Attack
๐ฌ๐ท
setupgr
2026-07-08 15:08:47
(5 days ago)
(mod_security) mod_security (id:9999001) triggered by 130.51.23.89 (US/United States/Illinois/Chicag ...
show more
(mod_security) mod_security (id:9999001) triggered by 130.51.23.89 (US/United States/Illinois/Chicago/-/[AS11878 TZULO]): 1 in the last 86400 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Wed Jul 08 18:08:45.653910 2026] [security2:error] [pid 1878110:tid 1878165] [client 130.51.23.89:32814] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^154\\\\.57\\\\.7\\\\.73$" at REQUEST_HEADERS:Host. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "154"] [id "9999001"] [msg "Direct incoming request to server shared IP blocked by admin"] [hostname "154.57.7.73"] [uri "/.env"] [unique_id "ak5n_YS8_aZPs7wm8LqaeAAAAYE"]
show less
Port Scan
๐ฒ๐ฝ
octageeks.com
2026-07-08 04:15:37
(6 days ago)
Wordpress malicious attack:[octablocked]
Web App Attack
๐ณ๐ฟ
Tripwire
2026-07-07 10:52:19
(6 days ago)
Scanning for exploits - /.env
Web App Attack
๐ซ๐ท
masterguru
2026-07-07 05:17:09
(1 week ago)
Host header is a numeric IP address. Pattern match "(?:^( (920350-193)
Hacking
Bad Web Bot
๐บ๐ธ
Starburst SysOp Team
2026-07-06 16:10:32
(1 week ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-mnz6-7)
Hacking
Web App Attack
๐จ๐ญ
4server
2026-07-06 11:47:45
(1 week ago)
[MonJul0613:47:42.4736692026][security2:error][pid3295960:tid3296249][client130.51.23.89:0]ModSecuri ...
show more
[MonJul0613:47:42.4736692026][security2:error][pid3295960:tid3296249][client130.51.23.89:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"swisservers.com\"][uri\"/.env\"][unique_id\"akuV3kL-AQ6t2Y-j5I4_egAAAVA\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 06:07:14
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 130.51.23.89 (PiDKI7QQxYdN.cloud.instance): 1 i ...
show more
(mod_security) mod_security (id:210492) triggered by 130.51.23.89 (PiDKI7QQxYdN.cloud.instance): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 02:07:10.971593 2026] [security2:error] [pid 16710:tid 16710] [client 130.51.23.89:42450] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surrenderhouse.com"] [uri "/.env"] [unique_id "aktGDoh-QrE0RDHz8Na2ewAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 05:22:59
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 130.51.23.89 (PiDKI7QQxYdN.cloud.instance): 1 i ...
show more
(mod_security) mod_security (id:210492) triggered by 130.51.23.89 (PiDKI7QQxYdN.cloud.instance): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 01:22:52.595972 2026] [security2:error] [pid 922:tid 922] [client 130.51.23.89:46338] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.103"] [uri "/.env"] [unique_id "aks7rGaPnw8JYj7GGbmROQAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 04:33:57
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 130.51.23.89 (PiDKI7QQxYdN.cloud.instance): 1 i ...
show more
(mod_security) mod_security (id:210492) triggered by 130.51.23.89 (PiDKI7QQxYdN.cloud.instance): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 00:33:50.903618 2026] [security2:error] [pid 6356:tid 6356] [client 130.51.23.89:55300] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "supportconvalelementary.com"] [uri "/.env"] [unique_id "akswLofwRm838P-b9hmkggAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack