๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 22:03:33
(4 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-16.
show less
Web App Attack
SSH
Hacking
Anonymous
2026-07-17 15:10:25
(10 hours ago)
(caddyscan) Scanner path probe from 153.75.230.249 (US/United States/vps3491079.trouble-free.net): 5 ...
show more
(caddyscan) Scanner path probe from 153.75.230.249 (US/United States/vps3491079.trouble-free.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 153.75.230.249 - - [17/Jul/2026:15:08:25 +0000] "GET /frontend/.env HTTP/1.1"
[REDACTED] 200 2627 153.75.230.249 - - [17/Jul/2026:15:10:20 +0000] "GET /actuator/env HTTP/1.1"
[REDACTED] 200 2627 153.75.230.249 - - [17/Jul/2026:15:10:20 +0000] "GET /actuator/configprops HTTP/1.1"
[REDACTED] 200 2627 153.75.230.249 - - [17/Jul/2026:15:10:21 +0000] "GET /backup/.env HTTP/1.1"
[REDACTED] 200 2627 153.75.230.249 - - [17/Jul/2026:15:10:21 +0000] "GET /backups/.env HTTP/1.1"
show less
Port Scan
๐ซ๐ฎ
pixiekat
2026-07-17 11:17:33
(14 hours ago)
[Fri Jul 17 12:17:32.462017 2026] [security2:error] [pid 1354899:tid 1354945] [client 153.75.230.249 ...
show more
[Fri Jul 17 12:17:32.462017 2026] [security2:error] [pid 1354899:tid 1354945] [client 153.75.230.249:52366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.28.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "www.spacecadetgrrl.me"] [uri "/secrets.yaml"] [unique_id "aloPTA52Uzmj414K0A0BXwAAAAE"]
[Fri Jul 17 12:17:32.634700 2026] [security2:error] [pid 1354899:tid 1354981] [client 153.75.230.249:52366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.28.0"] [tag "anomaly-
...
show less
Web App Attack
๐ฆ๐บ
Klaverstyn
2026-07-17 11:15:20
(14 hours ago)
Excessive HTTP request rate
Web App Attack
๐ฉ๐ช
LRob
2026-07-17 10:04:51
(16 hours ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: /api/.env | 5 distinct paths | UA: Mozilla/5.0 ( ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: /api/.env | 5 distinct paths | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love;
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 09:56:51
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 ...
show more
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:56:45.699700 2026] [security2:error] [pid 10735:tid 10735] [client 153.75.230.249:29380] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bonefrog.com"] [uri "/.env.dev"] [unique_id "aln8XTDes307xYhDHYQRWgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:55:14
(17 hours ago)
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 ...
show more
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:55:09.809487 2026] [security2:error] [pid 23174:tid 23174] [client 153.75.230.249:6442] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wedemandavote.com"] [uri "/.env.development"] [unique_id "alnt7Zhk_SJ6r6ZYacPuHgAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:36:34
(17 hours ago)
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 ...
show more
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:36:28.891655 2026] [security2:error] [pid 11846:tid 11846] [client 153.75.230.249:13956] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hazelwerner.com"] [uri "/.env.development"] [unique_id "alnpjOHtVDpz04YZHOhhpgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
Burayot
2026-07-17 07:47:03
(18 hours ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 153.75.230.249 (US/United States/vps ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 153.75.230.249 (US/United States/vps3491079.trouble-free.net): 1 in the last 3600 secs
show less
Web App Attack
๐ฉ๐ช
Progetto1
2026-07-17 05:59:01
(20 hours ago)
Detected via HAProxyScanner at 2026-07-17 05:59:01 UTC on destination port WEB (80/443). Repeated sc ...
show more
Detected via HAProxyScanner at 2026-07-17 05:59:01 UTC on destination port WEB (80/443). Repeated scan / connection.
show less
Port Scan
Hacking
Brute-Force
๐ซ๐ท
masterguru
2026-07-17 05:33:35
(20 hours ago)
Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack
๐ฉ๐ช
Hagen Schoebel
2026-07-17 05:26:19
(20 hours ago)
Blocked by CrowdSec - anomaly score block: lfi: 5, anomaly: 5, (US)
Port Scan
Brute-Force
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2026-07-17 05:10:41
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 ...
show more
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:10:33.965829 2026] [security2:error] [pid 13669:tid 13669] [client 153.75.230.249:59976] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scottwithers.xyz"] [uri "/.env.backup"] [unique_id "alm5SUpCI-SgRW0UeMvD2QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 04:55:14
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 ...
show more
(mod_security) mod_security (id:210492) triggered by 153.75.230.249 (vps3491079.trouble-free.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 00:55:09.430721 2026] [security2:error] [pid 4049634:tid 4049634] [client 153.75.230.249:43570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.briancastle.com"] [uri "/.env.swp"] [unique_id "alm1rcsxYoriekRkPvVcBAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
tsZero
2026-07-17 04:32:09
(21 hours ago)
Scan example: path=/.env.template status=404
Hacking