Anonymous
2026-07-01 04:34:50
(1 day ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
π³π±
homeshowdomain.nl
2026-06-08 21:59:19
(3 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-07.
show less
Web App Attack
SSH
Hacking
πΊπΈ
Charlesiv
2026-06-08 14:07:52
(3 weeks ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
ASN: 47583 (Hostinger Interna ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
ASN: 47583 (Hostinger International Limited)
Protocol: HTTP/1.1 (GET method)
Endpoint: /app/.env
Timestamp: 2026-06-08T14:00:46Z
Ray ID: a0886cb8493b83d9
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
show less
Bad Web Bot
πΊπΈ
WellSpring
2026-06-08 10:23:27
(3 weeks ago)
env leak on 562.today/backend/.env β WellSpr.ing/NetSentinel civic-AI security layer
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 08:25:37
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:25:30.063664 2026] [security2:error] [pid 24132:tid 24132] [client 2a02:4780:b:1207:0:208a:dc5e:1:54242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "difusionens.org"] [uri "/core/.env"] [unique_id "aiZ8ekDLR-43oW9eMawsQAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
openstrike.co.uk
2026-06-08 05:13:37
(3 weeks ago)
9 attacks on env grabbing URLs:
GET /app/.env HTTP/1.1
Hacking
π©πͺ
Zydzy
2026-06-08 03:30:39
(3 weeks ago)
Automated attack detected. Server: 95.140.154.181. Jail: nginx-exploit.
Web App Attack
π©πͺ
big-cloud.nl
2026-06-08 01:29:21
(3 weeks ago)
Try to access /app/.env
Web App Attack
π©πͺ
ger-stg-sifi1
2026-06-07 23:30:36
(3 weeks ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
π¦πΊ
2000cn.com.au
2026-06-07 22:11:53
(3 weeks ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
πΊπΈ
TPI-Abuse
2026-06-07 20:36:53
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:36:47.539613 2026] [security2:error] [pid 26661:tid 26661] [client 2a02:4780:b:1207:0:208a:dc5e:1:50630] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "michaelcaico.com"] [uri "/.env"] [unique_id "aiXWX-d8kKisNJDtj_NBwQAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
Buster
2026-06-07 17:30:00
(3 weeks ago)
Trawling for vulnerabilities from Perm Blocked ASN and country: tries from German Hostinger IPs and ...
show more
Trawling for vulnerabilities from Perm Blocked ASN and country: tries from German Hostinger IPs and US Hostinger IPs
show less
Brute-Force
Web App Attack
π©πͺ
Gwyneth Llewelyn
2026-06-07 16:44:49
(3 weeks ago)
2026/06/07 17:44:47 [error] 1929836#1929836: *39527 access forbidden by rule, client: 2a02:4780:b:12 ...
show more
2026/06/07 17:44:47 [error] 1929836#1929836: *39527 access forbidden by rule, client: 2a02:4780:b:1207:0:208a:dc5e:1, server: bestasquadradas.org, request: "GET /core/.env HTTP/2.0", host: "bestasquadradas.org"
2026/06/07 17:44:47 [error] 1929836#1929836: *39530 access forbidden by rule, client: 2a02:4780:b:1207:0:208a:dc5e:1, server: bestasquadradas.org, request: "GET /app/.env HTTP/2.0", host: "bestasquadradas.org"
2026/06/07 17:44:47 [error] 1929838#1929838: *39529 access forbidden by rule, client: 2a02:4780:b:1207:0:208a:dc5e:1, server: bestasquadradas.org, request: "GET /laravel/.env HTTP/2.0", host: "bestasquadradas.org"
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 13:29:47
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 09:29:43.457964 2026] [security2:error] [pid 25619:tid 25619] [client 2a02:4780:b:1207:0:208a:dc5e:1:23760] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tcjohnston.com"] [uri "/.env"] [unique_id "aiVyRwph6Veu-KaXpTZxCwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 12:22:51
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:1207:0:208a:dc5e:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:22:48.346007 2026] [security2:error] [pid 1227:tid 1227] [client 2a02:4780:b:1207:0:208a:dc5e:1:58658] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crowleywoodworking.com"] [uri "/laravel/.env"] [unique_id "aiVimOJN-9z-qqi7Coj4VAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack