๐ฉ๐ช
LRob
2026-07-17 16:06:40
(17 hours ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: /backup/.env | 5 distinct paths | UA: Mozilla/5. ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: /backup/.env | 5 distinct paths | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love;
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 16:03:07
(17 hours ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 12:02:57.384930 2026] [security2:error] [pid 1798:tid 1798] [client 183.56.215.210:36337] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "andiamorun.com"] [uri "/.env"] [unique_id "alpSMTXNX2rFvX-ptvZHWAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:56:25
(19 hours ago)
(mod_security) mod_security (id:949110) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:56:17.781027 2026] [security2:error] [pid 874069:tid 874069] [client 183.56.215.210:59222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.weddingb.trophiesetc.us"] [uri "/.env.local"] [unique_id "alo0gS4lyISN3tip7AN_HAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:49:15
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:49:09.009375 2026] [security2:error] [pid 1144740:tid 1144740] [client 183.56.215.210:59775] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arcadiapropertiesllc.starrmail.net"] [uri "/.env.test"] [unique_id "aloWtdqeDfkFuPeatoDijAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:03:36
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:03:28.696528 2026] [security2:error] [pid 3911444:tid 3911444] [client 183.56.215.210:44093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ronelgas.com"] [uri "/.env"] [unique_id "aloMANnsn7cIWfi7GrB4WgAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:38:01
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:37:57.051238 2026] [security2:error] [pid 24295:tid 24295] [client 183.56.215.210:42056] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "airdriedrivingschool.com"] [uri "/.env"] [unique_id "alnp5YsmzUUQZHDbI4SfSwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 05:04:08
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:04:04.132280 2026] [security2:error] [pid 10101:tid 10115] [client 183.56.215.210:42230] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trident-environmental.com"] [uri "/.env"] [unique_id "alm3xE759RQZnYzpQv1FAwAAAIk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Dominik Lysiak
2026-07-17 04:19:05
(1 day ago)
183.56.215.210 - - [17/Jul/2026:06:19:03 +0200] "GET /.env.vault HTTP/1.1" 200 2444 "-" "Mozilla/5.0 ...
show more
183.56.215.210 - - [17/Jul/2026:06:19:03 +0200] "GET /.env.vault HTTP/1.1" 200 2444 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
183.56.215.210 - - [17/Jul/2026:06:19:03 +0200] "GET /.aws/credentials HTTP/1.1" 200 2444 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
183.56.215.210 - - [17/Jul/2026:06:19:04 +0200] "GET /.aws/config HTTP/1.1" 200 2444 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:38:33
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:38:26.993331 2026] [security2:error] [pid 28561:tid 28561] [client 183.56.215.210:59608] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "insidepublications.com"] [uri "/.env.example"] [unique_id "almVouv_ggaPH4asTgL-VQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
lns.bz
2026-07-17 02:31:23
(1 day ago)
Web app attack [PL.Lu]
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:12:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:12:11.638491 2026] [security2:error] [pid 59046:tid 59046] [client 183.56.215.210:56316] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jodstar.com"] [uri "/var/.env"] [unique_id "almBax8s6ivw3syrMEnFsgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐พ
lns.bz
2026-07-17 00:18:24
(1 day ago)
Too many 404 requests [BY]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 21:59:11
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:59:02.742986 2026] [security2:error] [pid 19106:tid 19106] [client 183.56.215.210:59076] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.mumawvickers.com"] [uri "/.env.test"] [unique_id "allUJszjL0yfbY3aDN_DzwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:58:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:58:10.566398 2026] [security2:error] [pid 20920:tid 20920] [client 183.56.215.210:39506] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.title47.com.itaxcenter.com"] [uri "/app/.env"] [unique_id "allF4lafiCOYyCZUHBk1TAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 19:57:42
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 183.56.215.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:57:34.593231 2026] [security2:error] [pid 28642:tid 28642] [client 183.56.215.210:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.c2cservices.com"] [uri "/.env.development"] [unique_id "alk3rsAGGbXnOp0hU1w_kgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack