๐ณ๐ฑ
larse99
2026-02-19 22:32:53
(4 months ago)
Detected scanning activity
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-02-08 04:54:44
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 23:54:36.814431 2026] [security2:error] [pid 25602:tid 25602] [client 20.99.240.128:58114] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.244"] [uri "/.env"] [unique_id "aYgXDIkTDjSKzijirc7QegAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
alexsky06
2026-02-08 04:51:46
(4 months ago)
WAF block: crowdsecurity/vpatch-env-access from 20.99.240.128
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 04:31:04
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 23:30:59.471330 2026] [security2:error] [pid 24929:tid 24929] [client 20.99.240.128:50315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.27"] [uri "/.env"] [unique_id "aYgRg7qP3mG1WN-vXllLLwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 04:04:36
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 23:04:31.033435 2026] [security2:error] [pid 5848:tid 5848] [client 20.99.240.128:50378] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.89"] [uri "/.env"] [unique_id "aYgLT9kE2BWwJXVBI6YZOwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Phenix Info
2026-02-08 04:03:01
(4 months ago)
SmallGuard.fr - Forbidden Ext.
Web App Attack
Anonymous
2026-02-08 03:41:15
(4 months ago)
20.99.240.128 - - [08/Feb/2026:03:41:15 +0000] "GET /.env HTTP/1.1" 404 437 "-" "Mozilla/5.0 (X11; L ...
show more
20.99.240.128 - - [08/Feb/2026:03:41:15 +0000] "GET /.env HTTP/1.1" 404 437 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 03:40:09
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 22:40:01.858399 2026] [security2:error] [pid 6887:tid 6887] [client 20.99.240.128:51920] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.50"] [uri "/.env"] [unique_id "aYgFkRtsHwtSfhfXZpSi8AAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 03:11:10
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 22:11:06.716159 2026] [security2:error] [pid 4144280:tid 4144280] [client 20.99.240.128:49248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.167"] [uri "/.env"] [unique_id "aYf-yp1R52vZbj4zO_ujqgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ญ
Sawasdee
2026-02-08 02:57:06
(4 months ago)
Unwanted checking 80 or 443 port
...
Bad Web Bot
๐ง๐ท
Vieira Filho
2026-02-08 02:16:36
(4 months ago)
20.99.240.128 - - [07/Feb/2026:23:16:35 -0300] [35.198.31.82] "35.198.31.82" "GET /.env HTTP/1.1" 4 ...
show more
20.99.240.128 - - [07/Feb/2026:23:16:35 -0300] [35.198.31.82] "35.198.31.82" "GET /.env HTTP/1.1" 404 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 0.000
...
show less
Brute-Force
Exploited Host
Web App Attack
๐ฆ๐บ
2000cn.com.au
2026-02-08 02:16:07
(4 months ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 02:13:49
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 21:13:44.533422 2026] [security2:error] [pid 2698476:tid 2698492] [client 20.99.240.128:60231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.124"] [uri "/.env"] [unique_id "aYfxWJgpoYoodSlsJ7SA2AAAAQw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 01:58:09
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 20:58:03.514337 2026] [security2:error] [pid 32711:tid 32711] [client 20.99.240.128:59542] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.142"] [uri "/.env"] [unique_id "aYftq90zUhVmcdxBEAaxUwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-08 00:39:33
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.99.240.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 19:39:27.943052 2026] [security2:error] [pid 30445:tid 30445] [client 20.99.240.128:50397] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.194"] [uri "/.env"] [unique_id "aYfbP0mXMv7IyTN1MZCaYgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack