π±π»
garmtech.com
2026-06-24 01:08:18
(2 weeks ago)
IM360 WAF: Direct access to sensitive file or dotfile MV:/.env
Web App Attack
πͺπΈ
Gem
2026-06-13 05:59:38
(4 weeks ago)
Unauthorized web scan.
Web App Attack
π°π·
MW
2026-06-11 18:53:24
(1 month ago)
14.53.103.107 - - [12/Jun/2026:03:53:22 +0900] "GET /users/sign_in HTTP/1.1" 404 458 "-" "Mozilla/5. ...
show more
14.53.103.107 - - [12/Jun/2026:03:53:22 +0900] "GET /users/sign_in HTTP/1.1" 404 458 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0"
14.53.103.107 - - [12/Jun/2026:03:53:22 +0900] "GET /.env HTTP/1.1" 404 458 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0"
14.53.103.107 - - [12/Jun/2026:03:53:22 +0900] "GET /users/sign_in HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0"
show less
Bad Web Bot
Web App Attack
π©πͺ
sverson
2026-06-11 16:52:23
(1 month ago)
Automated report / Wordpress Attack Attempt
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-11 16:13:34
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 12:13:28.301792 2026] [security2:error] [pid 28914:tid 28914] [client 14.53.103.107:46758] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hayatmotifi.com.kircali.net"] [uri "/.env"] [unique_id "aireqEfQjARVhfaEW_Uj4AAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
cwytech
2026-06-11 15:59:08
(1 month ago)
Fleet-wide ban from the Ghostfleet π». Triggered by scenario: cwy/tpot-web-high.
Bad Web Bot
Web App Attack
π³π±
BlueWire Hosting
2026-06-11 14:02:22
(1 month ago)
Probing websites for vulnerabilities
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-11 10:16:22
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 06:16:15.952231 2026] [security2:error] [pid 29000:tid 29000] [client 14.53.103.107:53532] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.malinka.us"] [uri "/.env"] [unique_id "aiqK77FZ95DSvjZbMzElfAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-11 10:01:09
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 06:01:04.101851 2026] [security2:error] [pid 20540:tid 20631] [client 14.53.103.107:36830] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.12am.us"] [uri "/.env"] [unique_id "aiqHYAQxyhIjMMtN_M9YzwAAAVI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-11 09:39:38
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:39:32.790188 2026] [security2:error] [pid 31366:tid 31366] [client 14.53.103.107:36118] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vtmooses.us"] [uri "/.env"] [unique_id "aiqCVNEdMUQg95BFSG-ABQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-11 09:05:59
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 14.53.103.107 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:05:55.516676 2026] [security2:error] [pid 19911:tid 19911] [client 14.53.103.107:39630] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "foros2cn.vientodelevante.es"] [uri "/.env"] [unique_id "aip6cwHuWFk8sq4Gs1lcrgAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πͺπΈ
bohl-aiG5aef
2026-06-11 09:01:04
(1 month ago)
Suricata Alert [SID:2031502] ET INFO Request to Hidden Environment File - Inbound
Hacking
πΊπΈ
itsnixk
2026-05-29 08:57:10
(1 month ago)
(mod_security) mod_security (id:920350) triggered by 14.53.103.107 (KR/South Korea/-): 1 in the last ...
show more
(mod_security) mod_security (id:920350) triggered by 14.53.103.107 (KR/South Korea/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri May 29 04:57:04.462154 2026] [security2:error] [pid 1037330:tid 1037751] [client 14.53.103.107:39996] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+|\\\\[[\\\\da-f:]+\\\\]|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/health"] [unique_id "ahlU4LP3AHgsiktBz8Zd0gAAARk"]
show less
Port Scan
πΊπΈ
Matthew Ping
2026-05-25 07:30:01
(1 month ago)
cPanel/WHM brute force blocked by CSF/LFD on d865.
Web App Attack
Brute-Force
πΊπΈ
sumnone
2026-05-25 07:26:36
(1 month ago)
Port probing on unauthorized port 2087
Port Scan
Hacking
Exploited Host