๐บ๐ธ
mnsf
2026-07-17 03:07:09
(2 hours ago)
Too many Status 40X (143)
Scanning/Probing (55)
Request Overload (157)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:44:29
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:44:24.359194 2026] [security2:error] [pid 22203:tid 22203] [client 16.58.148.54:13796] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cs4kids.org.jacksonpropertyrentals.com"] [uri "/.env.staging"] [unique_id "almI-ArBWXH8G5rBoWY_fwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
wsyq
2026-07-17 01:15:53
(4 hours ago)
Fail2Ban - \[NGINX\]40x-Forcing to access a restricted resource
...
Bad Web Bot
Web App Attack
๐ฉ๐ช
joharikop
2026-07-17 00:22:59
(5 hours ago)
Nginx: credential/secret file probe (/.env, /.git, /.aws etc). Automated ban via fail2ban nginx-cred ...
show more
Nginx: credential/secret file probe (/.env, /.git, /.aws etc). Automated ban via fail2ban nginx-credential-probes jail.
show less
Web App Attack
๐ฉ๐ช
findlab
2026-07-16 22:45:05
(7 hours ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-16 21:03:24
(9 hours ago)
Try to access /src/.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:42:03
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:41:57.780033 2026] [security2:error] [pid 1715:tid 1715] [client 16.58.148.54:56966] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ridgecrestrealtors.com"] [uri "/.envrc"] [unique_id "allCFTFiK2S-LlKD8ODyIwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 20:29:00
(9 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 16.58.148.54 (US/United States/ec2-16-5 ...
show more
(mod_security) mod_security triggered on hostname [redacted] 16.58.148.54 (US/United States/ec2-16-58-148-54.us-east-2.compute.amazonaws.com)
show less
SQL Injection
๐ฉ๐ช
FeG Deutschland
2026-07-16 20:21:03
(9 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ฉ๐ช
gadix
2026-07-16 20:07:56
(9 hours ago)
[16/Jul/2026:22:07:56.209885 +0200] alk6HPeohLI8yLp6tsGhJgAAAE8 16.58.148.54 60988 127.0.0.1 7081
[1 ...
show more
[16/Jul/2026:22:07:56.209885 +0200] alk6HPeohLI8yLp6tsGhJgAAAE8 16.58.148.54 60988 127.0.0.1 7081
[16/Jul/2026:22:07:56.345198 +0200] alk6HPeohLI8yLp6tsGhJwAAAEk 16.58.148.54 60990 127.0.0.1 7081
[16/Jul/2026:22:07:56.479281 +0200] alk6HPeohLI8yLp6tsGhKAAAAEQ 16.58.148.54 60992 127.0.0.1 7081
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:04:45
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:04:36.812525 2026] [security2:error] [pid 3249:tid 3249] [client 16.58.148.54:37744] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerbypage.com"] [uri "/.env.old"] [unique_id "alk5VEXPf9Burj8xWRNktAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-16 20:03:11
(10 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 19:47:46
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:47:38.309617 2026] [security2:error] [pid 29836:tid 29836] [client 16.58.148.54:50628] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zaaniebowen.dev"] [uri "/.env.backup"] [unique_id "alk1WtnLN7fuqDo8z72rKwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 18:18:15
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:18:11.506342 2026] [security2:error] [pid 3013:tid 3013] [client 16.58.148.54:43926] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mvpbees.com"] [uri "/.env.test"] [unique_id "alkgY5JLjJDVal0b30jSxwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 17:46:05
(12 hours ago)
(mod_security) mod_security (id:210730) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.comput ...
show more
(mod_security) mod_security (id:210730) triggered by 16.58.148.54 (ec2-16-58-148-54.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:45:59.588739 2026] [security2:error] [pid 9455:tid 9455] [client 16.58.148.54:38982] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.restest.rayeliotschwartz.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.restest.rayeliotschwartz.com"] [uri "/config/master.key"] [unique_id "alkY1zfHX8UK3JHdwabyYQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack