๐บ๐ธ
TPI-Abuse
2026-06-08 10:35:35
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:35:30.792120 2026] [security2:error] [pid 19181:tid 19181] [client 2a02:4780:11:934:0:2d7b:5d4d:10:47686] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "realdoctorstories.com"] [uri "/api/.env.save"] [unique_id "aiaa8k6bWIIAgPClqhd15QAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
2000cn.com.au
2026-06-08 10:05:10
(4 weeks ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-08 07:10:23
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:10:19.134375 2026] [security2:error] [pid 24390:tid 24390] [client 2a02:4780:11:934:0:2d7b:5d4d:10:31486] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yalaz.com"] [uri "/core/.env"] [unique_id "aiZq214vbuVnfrOobSdbLAAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 03:20:24
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 23:20:20.423326 2026] [security2:error] [pid 9475:tid 9475] [client 2a02:4780:11:934:0:2d7b:5d4d:10:22334] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "victorvictor.biz"] [uri "/admin/.env"] [unique_id "aiY09EORVTKDhA4a4G6SEgAAAEw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 02:03:33
(4 weeks ago)
(mod_security) mod_security (id:949110) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:949110) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:03:28.437269 2026] [security2:error] [pid 6817:tid 6817] [client 2a02:4780:11:934:0:2d7b:5d4d:10:21626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "darksecretvideo.com"] [uri "/backend/.env"] [unique_id "aiYi8DLxcTAfSDVtZUksxAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Gwyneth Llewelyn
2026-06-08 00:59:08
(4 weeks ago)
2026/06/08 01:59:06 [error] 1929836#1929836: *150270 access forbidden by rule, client: 2a02:4780:11: ...
show more
2026/06/08 01:59:06 [error] 1929836#1929836: *150270 access forbidden by rule, client: 2a02:4780:11:934:0:2d7b:5d4d:10, server: bestasquadradas.org, request: "GET /.env HTTP/2.0", host: "bestasquadradas.org"
2a02:4780:11:934:0:2d7b:5d4d:10 - - [08/Jun/2026:01:59:06 +0100] "GET /.env HTTP/2.0" 403 1045 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2026/06/08 01:59:06 [error] 1929836#1929836: *150273 access forbidden by rule, client: 2a02:4780:11:934:0:2d7b:5d4d:10, server: bestasquadradas.org, request: "GET /members/.env HTTP/2.0", host: "bestasquadradas.org"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 00:40:37
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:40:30.081679 2026] [security2:error] [pid 26790:tid 26790] [client 2a02:4780:11:934:0:2d7b:5d4d:10:41942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bhartman.com"] [uri "/api/.env"] [unique_id "aiYPfv8LTtcA7DM9jUe72wAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 00:18:17
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:18:14.357668 2026] [security2:error] [pid 3051:tid 3051] [client 2a02:4780:11:934:0:2d7b:5d4d:10:44504] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jonesypop.com"] [uri "/api/.env"] [unique_id "aiYKRqah3jfq3ty8jEYFggAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 22:11:39
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:11:34.078395 2026] [security2:error] [pid 18381:tid 18381] [client 2a02:4780:11:934:0:2d7b:5d4d:10:22136] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "weird.eco"] [uri "/app/.env"] [unique_id "aiXslm-v9WNVxj7z77yWsgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-07 22:07:55
(4 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-07 19:54:30
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:54:27.265020 2026] [security2:error] [pid 7675:tid 7675] [client 2a02:4780:11:934:0:2d7b:5d4d:10:40362] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dovka.com"] [uri "/core/.env.save"] [unique_id "aiXMc2mMXbxnjTG_yh9a2AAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WellSpring
2026-06-07 17:42:03
(4 weeks ago)
env leak on 575.today/members/.env โ WellSpr.ing/NetSentinel civic-AI security layer
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 17:17:20
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:17:13.716439 2026] [security2:error] [pid 11290:tid 11290] [client 2a02:4780:11:934:0:2d7b:5d4d:10:50940] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kugbe.com"] [uri "/core/.env.save"] [unique_id "aiWnmeeOUriu1sdQbrgmnAAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 16:20:30
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:20:24.388409 2026] [security2:error] [pid 9695:tid 9695] [client 2a02:4780:11:934:0:2d7b:5d4d:10:24966] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stmaarten-boatcharters.com"] [uri "/.env"] [unique_id "aiWaSKV3rEmOdMByGbhjjgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 16:03:58
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:11:934:0:2d7b:5d4d:10 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:03:54.987713 2026] [security2:error] [pid 3042:tid 3042] [client 2a02:4780:11:934:0:2d7b:5d4d:10:52466] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xcengineering.xyz"] [uri "/admin/.env"] [unique_id "aiWWaij6fGMzx8WeR4ptYgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack