Anonymous
2026-07-01 04:34:58
(2 days ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐ฉ๐ช
pscriptos
2026-06-08 11:26:35
(3 weeks ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-08 06:21:39
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:21:33.363644 2026] [security2:error] [pid 9817:tid 9817] [client 2a02:4780:11:1102:0:1ced:8b4:1:58812] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bikinitweets.com"] [uri "/dev/.env"] [unique_id "aiZfbaqil-RJlQd5XS5VRgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 05:57:32
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:57:25.584097 2026] [security2:error] [pid 30018:tid 30018] [client 2a02:4780:11:1102:0:1ced:8b4:1:26358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "openkiwiai.com"] [uri "/laravel/.env"] [unique_id "aiZZxYk6sAK0T7XsiUcOoAAAAHU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-06-08 05:13:18
(3 weeks ago)
9 attacks on env grabbing URLs:
GET /api/.env HTTP/1.1
Hacking
๐ฉ๐ช
ger-stg-sifi1
2026-06-08 01:37:31
(3 weeks ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 00:27:50
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:27:47.692534 2026] [security2:error] [pid 21751:tid 21751] [client 2a02:4780:11:1102:0:1ced:8b4:1:33690] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "soglove.com"] [uri "/core/.env"] [unique_id "aiYMgyDrfABWWaERk9CnqAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-07 23:46:24
(3 weeks ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 22:55:45
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:55:41.903945 2026] [security2:error] [pid 30744:tid 30744] [client 2a02:4780:11:1102:0:1ced:8b4:1:63280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pkmachine.com"] [uri "/api/.env"] [unique_id "aiX27d6FqxsV28arstH6JwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-07 22:03:18
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-07 21:29:02
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:28:55.391957 2026] [security2:error] [pid 8691:tid 8691] [client 2a02:4780:11:1102:0:1ced:8b4:1:39604] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rahjx.net"] [uri "/backend/.env"] [unique_id "aiXil4lSddGzkEJpC-sSVAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 20:37:32
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:37:26.600059 2026] [security2:error] [pid 31117:tid 31117] [client 2a02:4780:11:1102:0:1ced:8b4:1:50792] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "summit1000.group"] [uri "/admin/.env"] [unique_id "aiXWhg7wnudw0d-pD7C8FwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 14:16:14
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 10:16:08.686894 2026] [security2:error] [pid 18913:tid 18924] [client 2a02:4780:11:1102:0:1ced:8b4:1:54482] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a2zlns.com"] [uri "/backend/.env"] [unique_id "aiV9KEx1usYBkwwWduP0vwAAAEk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-07 12:39:38
(3 weeks ago)
(modsecurity) srv201 ModSecurity 2a02:4780:11:1102:0:1ced:8b4:1 (IN/India/-): 10 in the last 3600 se ...
show more
(modsecurity) srv201 ModSecurity 2a02:4780:11:1102:0:1ced:8b4:1 (IN/India/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 11:58:44
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1102:0:1ced:8b4:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 07:58:39.304998 2026] [security2:error] [pid 25886:tid 25886] [client 2a02:4780:11:1102:0:1ced:8b4:1:51340] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "majesticsolutions.co"] [uri "/.env"] [unique_id "aiVc7-aCNPT2QDEUJDGt6QAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack