Anonymous
2026-07-01 04:35:11
(4 days ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐ณ๐ฑ
e.fierstra
2026-06-08 10:46:02
(3 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ธ
WellSpring
2026-06-08 07:22:31
(3 weeks ago)
env leak on 503.today/member/.env โ WellSpr.ing/NetSentinel civic-AI security layer
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-06-08 05:13:25
(3 weeks ago)
36 attacks on env grabbing URLs:
GET /dev/.env HTTP/1.1
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-08 02:10:07
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:10:03.016009 2026] [security2:error] [pid 6823:tid 6823] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:20096] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "animatuevento.com.mx"] [uri "/core/.env"] [unique_id "aiYke2LPKtFocsw0dLgR3QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
myintarweb
2026-06-07 23:34:55
(3 weeks ago)
2a02:4780:5c:2154:0:c8c:e7a1:1 - - [08/Jun/2026:00:34:55 +0100] 443 "GET /.env HTTP/1.1" 404 5242 "- ...
show more
2a02:4780:5c:2154:0:c8c:e7a1:1 - - [08/Jun/2026:00:34:55 +0100] 443 "GET /.env HTTP/1.1" 404 5242 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2a02:4780:5c:2154:0:c8c:e7a1:1 - - [08/Jun/2026:00:34:55 +0100] 443 "GET /admin/.env HTTP/1.1" 404 5242 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2a02:4780:5c:2154:0:c8c:e7a1:1 - - [08/Jun/2026:00:34:55 +0100] 443 "GET /dev/.env HTTP/1.1" 404 5242 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
...
show less
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 22:28:10
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:28:06.624599 2026] [security2:error] [pid 21714:tid 21714] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:36880] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "redbends.com"] [uri "/admin/.env"] [unique_id "aiXwdl9TWL0UXmURVzRiPQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-07 22:07:30
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
dtorrer
2026-06-07 20:21:41
(3 weeks ago)
General vulnerability scan.
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-07 20:19:05
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:18:57.965212 2026] [security2:error] [pid 1557:tid 1617] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:56490] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newports.net"] [uri "/member/.env"] [unique_id "aiXSMYMSmSzfB1UmYCy02QAAAZE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 19:49:11
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:49:08.283917 2026] [security2:error] [pid 6252:tid 6252] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:20582] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "title-26.com"] [uri "/.env"] [unique_id "aiXLNLzoi9yFDbl56rHghAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 17:57:19
(3 weeks ago)
(mod_security) mod_security (id:949110) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:949110) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:57:13.935284 2026] [security2:error] [pid 8653:tid 8653] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:21258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "akistech.com"] [uri "/admin/.env"] [unique_id "aiWw-YEGRvE7qQlkEOJNOAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 17:00:29
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:00:22.586247 2026] [security2:error] [pid 19816:tid 19816] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:64502] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pasadenahairextensions.com"] [uri "/core/.env"] [unique_id "aiWjpkEYU1QI0LnrgjKKnQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-07 13:48:44
(3 weeks ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 13:43:43
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:5c:2154:0:c8c:e7a1:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 09:43:38.612808 2026] [security2:error] [pid 17252:tid 17252] [client 2a02:4780:5c:2154:0:c8c:e7a1:1:38200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "recetabook.com"] [uri "/admin/.env"] [unique_id "aiV1imfE3v0WHAkdbi8FJQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack