π¬π§
openstrike.co.uk
2026-06-27 05:16:17
(1 day ago)
33 attacks on env grabbing URLs:
GET /storage/.env HTTP/1.1
Hacking
π³π±
maxxsense
2026-06-27 01:33:48
(1 day ago)
152.233.20.178 (DE/Germany/unn-152-233-20-178.datapacket.com), 12 distributed imapd attacks on accou ...
show more
152.233.20.178 (DE/Germany/unn-152-233-20-178.datapacket.com), 12 distributed imapd attacks on account [redacted]
show less
Brute-Force
2026-06-26 14:45:54
(1 day ago)
152.233.20.178 - - [26/Jun/2026:11:45:52 -0300] "GET /.env HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windo ...
show more
152.233.20.178 - - [26/Jun/2026:11:45:52 -0300] "GET /.env HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
152.233.20.178 - - [26/Jun/2026:11:45:53 -0300] "GET /.env.backup HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Port Scan
πΊπΈ
TPI-Abuse
2026-06-26 11:34:39
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.c ...
show more
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 07:34:31.681681 2026] [security2:error] [pid 25544:tid 25544] [client 152.233.20.178:54666] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toptek.com"] [uri "/.env"] [unique_id "aj5jx3SneNfpZUM5dr1QGAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π·πΊ
DZBOT
2026-06-26 04:47:50
(2 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-26 04:10:40
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.c ...
show more
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:10:36.614331 2026] [security2:error] [pid 16235:tid 16235] [client 152.233.20.178:52816] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toppress.ca"] [uri "/.env"] [unique_id "aj37vKsJXga9fs-x7XwgswAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
Apache
2026-06-26 04:08:15
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (DE/Germany/unn-152-233-20-178.d ...
show more
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (DE/Germany/unn-152-233-20-178.datapacket.com): 5 in the last 300 secs (CF_ENABLE)
show less
Brute-Force
Web App Attack
2026-06-26 02:16:21
(2 days ago)
2026-06-26T04:16:19.880638+02:00 152.233.20.178:14076 http-in~ http-in/<NOSRV> 2/-1/-1/-1/2 403 971 ...
show more
2026-06-26T04:16:19.880638+02:00 152.233.20.178:14076 http-in~ http-in/<NOSRV> 2/-1/-1/-1/2 403 971 - - PR-- 1/1/0/0/0 0/0 {mydomain} "GET https://mydomain/.env HTTP/2.0" WAF_ACTION:deny WAF_ID(s):930130,949110
2026-06-26T04:16:20.002419+02:00 152.233.20.178:14296 http-in~ http-in/<NOSRV> 3/-1/-1/-1/3 403 971 - - PR-- 2/2/0/0/0 0/0 {mydomain} "GET https://mydomain/.env.backup HTTP/2.0" WAF_ACTION:deny WAF_ID(s):920440,930130,949110
2026-06-26T04:16:20.052573+02:00 152.233.20.178:14076 http-in~ http-in/<NOSRV> 3/-1/-1/-1/3 403 971 - - PR-- 2/2/0/0/0 0/0 {mydomain} "GET https://mydomain/.env.bak HTTP/2.0" WAF_ACTION:deny WAF_ID(s):920440,930130,949110
2026-06-26T04:16:20.101927+02:00 152.233.20.178:14296 http-in~ http-in/<NOSRV> 2/-1/-1/-1/2 403 971 - - PR-- 2/2/0/0/0 0/0 {mydomain} "GET https://mydomain/.env.old HTTP/2.0" WAF_ACTION:deny WAF_ID(s):920440,930130,949110
2026-06-26T04:16:20.152742+02:00 152.233.20.178:14296 http-in~ http-in/<NOSRV> 3/-1/-1/-1/3 403 971 - -
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-26 01:18:12
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.c ...
show more
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:18:06.598768 2026] [security2:error] [pid 8089:tid 8089] [client 152.233.20.178:62012] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "topografiazgs.com"] [uri "/.env"] [unique_id "aj3TTngy3eMlHGm7P4PnSgAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-26 00:46:29
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.c ...
show more
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 20:46:25.184961 2026] [security2:error] [pid 4624:tid 4624] [client 152.233.20.178:60048] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "topofbig4.com"] [uri "/.env"] [unique_id "aj3L4fqT1UuZ3RCTb6ozeAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-26 00:21:30
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.c ...
show more
(mod_security) mod_security (id:210492) triggered by 152.233.20.178 (unn-152-233-20-178.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 20:21:25.934827 2026] [security2:error] [pid 16280:tid 16280] [client 152.233.20.178:53666] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "topnotchupholstery.com"] [uri "/.env"] [unique_id "aj3GBTwV3TwHqyzMr07tkAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
Matthew Ping
2026-06-26 00:15:01
(2 days ago)
ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
π§πͺ
cmbplf
2026-06-25 23:45:52
(2 days ago)
247 requests with url.path *.env
Brute-Force
Bad Web Bot
πΊπΈ
mnsf
2026-06-25 21:27:14
(2 days ago)
Abuse Detected (1)
Brute-Force
Web App Attack
π³π±
e.fierstra
2026-06-25 16:07:13
(2 days ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack