๐บ๐ธ
TPI-Abuse
2026-07-17 13:40:38
(48 minutes ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:40:32.775147 2026] [security2:error] [pid 21685:tid 21685] [client 171.111.192.102:53578] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "peaksalesnw.com"] [uri "/.env.prod"] [unique_id "alow0MELxARxpGo2mIT65wAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:00:54
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:00:49.806097 2026] [security2:error] [pid 1008849:tid 1008866] [client 171.111.192.102:52373] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deathconfusion.com"] [uri "/.env"] [unique_id "alongQQZShlrivF6ugoM2wAAAEw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
IVski
2026-07-17 10:22:51
(4 hours ago)
IVski WAF | Sensitive file probe detected - looking for .env
Port Scan
Brute-Force
Web App Attack
๐ซ๐ท
largo-it.net
2026-07-17 10:22:35
(4 hours ago)
Jul 17 12:22:21 vps-9f3cdc33 haproxy[1195832]: 171.111.192.102:56360 [17/Jul/2026:12:22:21.390] www_ ...
show more
Jul 17 12:22:21 vps-9f3cdc33 haproxy[1195832]: 171.111.192.102:56360 [17/Jul/2026:12:22:21.390] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/350/361 404 3252 - - ---- 68/21/0/0/0 0/0 "GET /backend/.env HTTP/1.1"
Jul 17 12:22:23 vps-9f3cdc33 haproxy[1195832]: 171.111.192.102:56360 [17/Jul/2026:12:22:22.403] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/716/727 404 3252 - - ---- 67/20/0/0/0 0/0 "GET /frontend/.env HTTP/1.1"
Jul 17 12:22:26 vps-9f3cdc33 haproxy[1195832]: 171.111.192.102:53707 [17/Jul/2026:12:22:26.497] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/371/382 404 3252 - - ---- 70/23/0/0/0 0/0 "GET /api/.env HTTP/1.1"
Jul 17 12:22:27 vps-9f3cdc33 haproxy[1195832]: 171.111.192.102:56360 [17/Jul/2026:12:22:27.331] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/330/340 404 3252 - - ---- 68/21/0/0/0 0/0 "GET /server/.env HTTP/1.1"
Jul 17 12:22:29 vps-9f3cdc33 haproxy[1195832]: 171.111.192.102:53707 [17/Jul/2026:12:22:28.924] www_fron
...
show less
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:01:00
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:00:57.641602 2026] [security2:error] [pid 31228:tid 31228] [client 171.111.192.102:54772] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tgaguide.com"] [uri "/.env.local"] [unique_id "aln9Wd5THjkqW-sbj00jYAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
lns.bz
2026-07-17 10:00:24
(4 hours ago)
Web app attack [PL.Lu]
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 09:39:46
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:39:40.438033 2026] [security2:error] [pid 61069:tid 61069] [client 171.111.192.102:48406] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.wall.cswiki.us"] [uri "/.env.tmp"] [unique_id "aln4XL1VOf0gNDJoXLiWKQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:30:14
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:30:07.155553 2026] [security2:error] [pid 201400:tid 201400] [client 171.111.192.102:49790] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rgdemos.kmelson.com"] [uri "/config/.env"] [unique_id "almhvwQQE7rg2fStcrKt5gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:04:04
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:03:59.080607 2026] [security2:error] [pid 192808:tid 192808] [client 171.111.192.102:49179] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uhfcfoundation.org"] [uri "/.env.dist"] [unique_id "almbn0e0EiJPsTYezNXtlgAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:38:42
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:38:36.964575 2026] [security2:error] [pid 30066:tid 30066] [client 171.111.192.102:38560] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwars.net"] [uri "/.env.example"] [unique_id "almVrCb2BlzCRwptYZBfCgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-17 00:19:17
(14 hours ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 23:34:18
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 19:34:13.600806 2026] [security2:error] [pid 9169:tid 9169] [client 171.111.192.102:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.ndanetworks.com"] [uri "/.env"] [unique_id "allqdRXBRBNgGgwDfY9aEwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 23:27:26
(15 hours ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-16 21:56:41
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:56:33.516632 2026] [security2:error] [pid 19211:tid 19211] [client 171.111.192.102:40228] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.votmuli.com.greenlight.us"] [uri "/.env"] [unique_id "allTkT877ops0b_N-gEhGQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:58:52
(17 hours ago)
(mod_security) mod_security (id:210730) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 171.111.192.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:58:45.441218 2026] [security2:error] [pid 7612:tid 7638] [client 171.111.192.102:43831] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.agrigrailtech.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.agrigrailtech.com"] [uri "/config/master.key"] [unique_id "allGBbBguXpMViz5q6FCmwAAAQ8"]
show less
Brute-Force
Bad Web Bot
Web App Attack