๐ง๐ช
Ivo Vynckier
2026-07-11 09:22:00
(3 hours ago)
157.157.221.26 - - [10/Jul/2026:12:54:23 +0200] "GET /api/.env HTTP/1.1" 403 117 "-" "Mozilla/5.0"
...
show more
157.157.221.26 - - [10/Jul/2026:12:54:23 +0200] "GET /api/.env HTTP/1.1" 403 117 "-" "Mozilla/5.0"
157.157.221.26 - - [10/Jul/2026:12:56:12 +0200] "GET /script/.env HTTP/1.1" 403 117 "-" "Mozilla/5.0"
157.157.221.26 - - [10/Jul/2026:12:56:37 +0200] "GET /public/.env HTTP/1.1" 403 117 "-" "Mozilla/5.0"
157.157.221.26 - - [10/Jul/2026:13:01:44 +0200] "GET /laravel/.env HTTP/1.1" 403 117 "-" "Mozilla/5.0"
157.157.221.26 - - [10/Jul/2026:13:02:41 +0200] "GET /data/.env HTTP/1.1" 403 117 "-" "Mozilla/5.0"
show less
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-07-11 05:13:17
(7 hours ago)
148 attacks on PHP URLs, config grabbing URLs (type 2), VC URLs, site downloads, env grabbing URLs, ...
show more
148 attacks on PHP URLs, config grabbing URLs (type 2), VC URLs, site downloads, env grabbing URLs, password grabbing URLs:
GET /config.inc.php HTTP/1.1
GET /config/aws.json HTTP/1.1
GET /.git/config HTTP/1.1
GET /db.sql HTTP/1.1
GET /.env.bak HTTP/1.1
GET /.aws/credentials HTTP/1.1
show less
Web App Attack
Hacking
Anonymous
2026-07-10 14:36:00
(22 hours ago)
157.157.221.26 - - [10/Jul/2026:15:16:43 +0100] "GET / HTTP/1.1" 200 3791 "-" "Mozilla/5.0 (Windows ...
show more
157.157.221.26 - - [10/Jul/2026:15:16:43 +0100] "GET / HTTP/1.1" 200 3791 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
157.157.221.26 - - [10/Jul/2026:15:18:57 +0100] "GET /.env.production HTTP/1.1" 403 344 "-" "Mozilla/5.0"
show less
Web App Attack
Hacking
๐ฌ๐ง
pinguin
2026-07-10 13:57:57
(22 hours ago)
Triggered Cloudflare WAF (linkMaze) from IE.
Action taken: LINK_MAZE_INJECTED
Protocol: HTTP/1.1 (GE ...
show more
Triggered Cloudflare WAF (linkMaze) from IE.
Action taken: LINK_MAZE_INJECTED
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp-json/gravitysmtp/v1/tests/mock-data
UA: Mozilla/5.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฌ๐ง
Apache
2026-07-10 13:34:02
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 157.157.221.26 (IS/Iceland/157-157-221-26.dsl.d ...
show more
(mod_security) mod_security (id:210492) triggered by 157.157.221.26 (IS/Iceland/157-157-221-26.dsl.dynamic.simnet.is): 5 in the last 300 secs (CF_ENABLE)
show less
Brute-Force
Web App Attack
๐ง๐ช
madeit
2026-07-10 13:19:34
(23 hours ago)
Web App Attack
๐ฌ๐ง
Oakley
2026-07-10 13:15:41
(23 hours ago)
(confirmed_bot_sig) Confirmed bot
Hacking
๐จ๐ญ
TheCoon
2026-07-10 12:45:01
(23 hours ago)
Automated: Credential theft attempt - JSON bomb served
Web App Attack
Hacking
๐ณ๐ฑ
i-turnradio.nl
2026-07-10 12:31:01
(1 day ago)
2026-07-10 @ 14:31:01 (CET) ~ Blocked for trying to access: /.env.production
Web App Attack
๐ฌ๐ง
Yosi
2026-07-10 12:01:25
(1 day ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
๐ฌ๐ง
gurnip
2026-07-10 11:59:24
(1 day ago)
Vulnerability probe of page /.env.staging, not found on server.
Brute-Force
Web App Attack
๐ณ๐ฑ
DrLex0
2026-07-10 11:44:50
(1 day ago)
Poking for env files, likely botnet drone
157.157.221.26 443 - [10/Jul/2026:11:43:38 +0000] "GET / ...
show more
Poking for env files, likely botnet drone
157.157.221.26 443 - [10/Jul/2026:11:43:38 +0000] "GET / HTTP/1.1" 200 9644 "http://redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
157.157.221.26 80 - [10/Jul/2026:11:43:57 +0000] "GET /.env HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
157.157.221.26 80 - [10/Jul/2026:11:44:12 +0000] "GET /.env HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
157.157.221.26 80 - [10/Jul/2026:11:44:14 +0000] "GET /.env.local HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
157.157.221.26 80 - [10/Jul/2026:11:44:25 +0000] "GET /.env.local HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
157.157.221.26 80 - [10/Jul/2026:11:44:26 +0000] "GET /.env.production HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
157.157.221.26 80 - [10/Jul/2026:11:44:42 +0000] "GET /.env.production HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
157.157.221.26 80 - [10/Jul/2026:11:44:50 +0000] "GET /.env.development HTTP/1.1" 404 2383 "-" "Mozilla/5.0"
show less
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
๐ซ๐ท
Baking333
2026-07-10 11:43:17
(1 day ago)
[redacted] 157.157.221.26 - - [10/Jul/2026:12:43:14 +0100] "GET /.[redacted] HTTP/1.1" 302 6773 0/68 ...
show more
[redacted] 157.157.221.26 - - [10/Jul/2026:12:43:14 +0100] "GET /.[redacted] HTTP/1.1" 302 6773 0/68349 "-" "Mozilla/5.0" [redacted] 157.157.221.26 - - [10/Jul/2026:12:43:16 +0100] "GET / HTTP/1.1" 200 7706 0/92510 "https://[redacted]/.[redacted]" "Mozilla/5.0"
show less
Bad Web Bot
Web App Attack
๐ฌ๐ง
WebNiraj
2026-07-10 11:30:06
(1 day ago)
(mod_security) mod_security (id:949110) triggered by 157.157.221.26 (IS/Iceland/157-157-221-26.dsl.d ...
show more
(mod_security) mod_security (id:949110) triggered by 157.157.221.26 (IS/Iceland/157-157-221-26.dsl.dynamic.simnet.is): 5 in the last 3600 secs [SIGMA]
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-10 10:58:53
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 157.157.221.26 (157-157-221-26.dsl.dynamic.simn ...
show more
(mod_security) mod_security (id:210492) triggered by 157.157.221.26 (157-157-221-26.dsl.dynamic.simnet.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 06:58:50.526065 2026] [security2:error] [pid 26027:tid 26027] [client 157.157.221.26:57126] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "natashahenry.co.uk"] [uri "/.env"] [unique_id "alDQau5lbAm-CPH3nunUfQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack