๐จ๐ญ
4server
2026-07-14 20:24:32
(3 hours ago)
[TueJul1422:24:25.1764902026][security2:error][pid204923:tid205175][client172.236.148.240:0]ModSecur ...
show more
[TueJul1422:24:25.1764902026][security2:error][pid204923:tid205175][client172.236.148.240:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"fisioterapiafalzone.ch\"][uri\"/.env\"][unique_id\"alaa-ZTl4K-3IgrE739GJgAAARQ\"]
show less
Hacking
Web App Attack
๐ฉ๐ช
Lino Project
2026-07-14 07:47:52
(15 hours ago)
172.236.148.240 - - [14/Jul/2026:09:47:49 +0200] "GET /.env HTTP/1.1" 302 441 "-" "Mozilla/5.0 (Wind ...
show more
172.236.148.240 - - [14/Jul/2026:09:47:49 +0200] "GET /.env HTTP/1.1" 302 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Tripwire
2026-07-14 07:43:50
(16 hours ago)
Scanning for exploits - /.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 07:06:59
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeuserc ...
show more
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 03:06:51.310847 2026] [security2:error] [pid 571:tid 571] [client 172.236.148.240:53772] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "waggonerfinancial.com"] [uri "/.env"] [unique_id "alXgC60rcoq8rNTf18cDGgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
lnklnx
2026-07-14 07:00:34
(16 hours ago)
www.lnklnx.com:80 172.236.148.240 - - [14/Jul/2026:02:00:32 -0500] "GET /.env HTTP/1.1" 301 615 "-" ...
show more
www.lnklnx.com:80 172.236.148.240 - - [14/Jul/2026:02:00:32 -0500] "GET /.env HTTP/1.1" 301 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ญ๐บ
kranem
2026-07-14 06:00:04
(17 hours ago)
Triggered Cloudflare WAF from SG.
Action taken: BLOCK
ASN: 63949 (Akamai Connected Cloud)
Protocol: ...
show more
Triggered Cloudflare WAF from SG.
Action taken: BLOCK
ASN: 63949 (Akamai Connected Cloud)
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env
Timestamp: 2026-07-14T05:51:56Z
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
show less
Bad Web Bot
๐ฌ๐ง
thetomtaylor.co.uk
2026-07-14 02:09:02
(21 hours ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [mx03]
Bad Web Bot
Web App Attack
๐ฌ๐ง
thetomtaylor.co.uk
2026-07-14 01:07:01
(22 hours ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,mx01,mx02,wa01,wa ...
show more
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,mx01,mx02,wa01,wa02]
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 20:39:18
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeuserc ...
show more
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 16:39:14.919634 2026] [security2:error] [pid 3882260:tid 3882260] [client 172.236.148.240:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "365soft.top"] [uri "/.env"] [unique_id "alVM8n3D6bRMd9Z2iaTsUQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-07-13 20:05:11
(1 day ago)
Abuse Detected (9)
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-13 18:13:59
(1 day ago)
172.236.148.240 - - [13/Jul/2026:14:13:56 -0400] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Wind ...
show more
172.236.148.240 - - [13/Jul/2026:14:13:56 -0400] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.236.148.240 - - [13/Jul/2026:14:13:57 -0400] "GET /.env HTTP/1.1" 301 4865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.236.148.240 - - [13/Jul/2026:14:13:58 -0400] "GET /.env HTTP/1.1" 404 95928 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 15:14:00
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeuserc ...
show more
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 11:13:54.183990 2026] [security2:error] [pid 11885:tid 11885] [client 172.236.148.240:57441] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "todddavis.net"] [uri "/.env"] [unique_id "alUAsoAKoyQTGdVXd1WA_QAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Baking333
2026-07-13 14:57:06
(1 day ago)
[redacted] 172.236.148.240 - - [13/Jul/2026:15:57:01 +0100] "GET /.env HTTP/2.0" 301 291 "-" "Mozill ...
show more
[redacted] 172.236.148.240 - - [13/Jul/2026:15:57:01 +0100] "GET /.env HTTP/2.0" 301 291 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 172.236.148.240 - - [13/Jul/2026:15:57:01 +0100] "GET /fr/.env/ HTTP/2.0" 404 26581 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 14:31:49
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeuserc ...
show more
(mod_security) mod_security (id:210492) triggered by 172.236.148.240 (172-236-148-240.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 10:31:41.711751 2026] [security2:error] [pid 12041:tid 12041] [client 172.236.148.240:55172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chatgptfrance.net"] [uri "/.env"] [unique_id "alT2zeXQ-QGmGDrJh7S2WQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ฐ
HostingGroup
2026-07-13 14:26:53
(1 day ago)
Automated malicious activity (Honeypot Trap) detected and blocked at the CDN edge by NordicCDN Shiel ...
show more
Automated malicious activity (Honeypot Trap) detected and blocked at the CDN edge by NordicCDN Shield. Offenses: 1. First blocked: 2026-07-13.
show less
Bad Web Bot
Web App Attack