๐ซ๐ท
SpaceHost-Server
2026-06-08 22:28:51
(3 weeks ago)
Brute-Force
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-08 21:59:11
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-07.
show less
Web App Attack
SSH
Hacking
Anonymous
2026-06-08 11:24:47
(3 weeks ago)
Fail2Ban triggered
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 09:58:53
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:58:49.993125 2026] [security2:error] [pid 21802:tid 21802] [client 2a02:4780:11:1850:0:65d:1987:1:63138] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirkrmartin.com"] [uri "/admin/.env"] [unique_id "aiaSWXSywXEiE_3OVRqtKgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
filstal.org
2026-06-08 08:31:02
(3 weeks ago)
CrowdSec: crowdsecurity/http-probing
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-08 07:30:25
(3 weeks ago)
(mod_security) mod_security (id:949110) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:949110) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:30:22.960559 2026] [security2:error] [pid 9903:tid 9903] [client 2a02:4780:11:1850:0:65d:1987:1:38308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "faithfoundationenterprise.com"] [uri "/.env.save"] [unique_id "aiZvjiJAqnCFQ1KYwM9wjwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 05:27:07
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:27:02.253788 2026] [security2:error] [pid 13394:tid 13394] [client 2a02:4780:11:1850:0:65d:1987:1:57404] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "waleed-alshalan.com"] [uri "/core/.env.save"] [unique_id "aiZSpoIDf3QXb1NU0obc9QAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-06-08 05:13:26
(3 weeks ago)
12 attacks on env grabbing URLs:
GET /admin/.env HTTP/1.1
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-08 04:45:44
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 00:45:36.543716 2026] [security2:error] [pid 2990:tid 2990] [client 2a02:4780:11:1850:0:65d:1987:1:60082] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teamrealduck.com"] [uri "/.env.save"] [unique_id "aiZI8GI5IJdMc6ifmwpyQAAAACM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 03:16:05
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 23:16:01.473237 2026] [security2:error] [pid 7124:tid 7124] [client 2a02:4780:11:1850:0:65d:1987:1:52546] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aperturecontrols.com"] [uri "/app/.env"] [unique_id "aiYz8SgXUQmYh86Z23657wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 01:59:05
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:58:59.710517 2026] [security2:error] [pid 10838:tid 10934] [client 2a02:4780:11:1850:0:65d:1987:1:64714] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crowns.org"] [uri "/.env.save"] [unique_id "aiYh44EIzUo_sHBIfuRbTwAAAdE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 23:26:17
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 19:26:13.468027 2026] [security2:error] [pid 2652:tid 2652] [client 2a02:4780:11:1850:0:65d:1987:1:19716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dcsteven.com"] [uri "/core/.env"] [unique_id "aiX-FQnq-ASdKnabv379awAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-07 22:27:47
(3 weeks ago)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 17:58:21
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:58:17.597362 2026] [security2:error] [pid 6458:tid 6458] [client 2a02:4780:11:1850:0:65d:1987:1:38728] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whipchecks.com.au"] [uri "/app/.env"] [unique_id "aiWxOTCLLzdgEGl9cUTq7QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 17:08:00
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:1850:0:65d:1987:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:07:53.885428 2026] [security2:error] [pid 26875:tid 26875] [client 2a02:4780:11:1850:0:65d:1987:1:48804] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gisur.com"] [uri "/api/.env"] [unique_id "aiWlacJWMg0Y04-UUbKkdwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack