π³π±
homeshowdomain.nl
2026-06-08 22:00:39
(4 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-07.
show less
Web App Attack
SSH
Hacking
π«π·
dynamix
2026-06-08 09:09:37
(4 weeks ago)
Multiple WAF Violations
Web App Attack
Anonymous
2026-06-08 07:42:59
(4 weeks ago)
[Mon Jun 08 09:42:58.436295 2026] [authz_core:error] [pid 19631] [client 2a02:4780:b:733:0:277c:e93f ...
show more
[Mon Jun 08 09:42:58.436295 2026] [authz_core:error] [pid 19631] [client 2a02:4780:b:733:0:277c:e93f:1:46792] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Mon Jun 08 09:42:58.436319 2026] [authz_core:error] [pid 19669] [client 2a02:4780:b:733:0:277c:e93f:1:46778] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Mon Jun 08 09:42:58.439937 2026] [authz_core:error] [pid 19198] [client 2a02:4780:b:733:0:277c:e93f:1:46770] AH01630: client denied by server configuration: /etc/httpd/htdocs
...
show less
Web App Attack
π©πͺ
XICTRON
2026-06-08 03:45:03
(4 weeks ago)
ModSecurity rule violation detected by Fail2Ban
Web App Attack
π©πͺ
BlueWire Hosting
2026-06-07 22:43:45
(1 month ago)
Probing websites for vulnerabilities
Web App Attack
SQL Injection
πΊπΈ
TPI-Abuse
2026-06-07 15:21:02
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:733:0:277c:e93f:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:733:0:277c:e93f:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:20:55.445454 2026] [security2:error] [pid 11122:tid 11122] [client 2a02:4780:b:733:0:277c:e93f:1:46410] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "opmasterpainter.com"] [uri "/.env"] [unique_id "aiWMV3N4Wd7tZWCWAZGgNgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
Baking333
2026-06-07 14:08:36
(1 month ago)
[redacted] 2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:15:08:34 +0100] "GET /.env HTTP/1.1" 302 1 ...
show more
[redacted] 2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:15:08:34 +0100] "GET /.env HTTP/1.1" 302 1533 0/70007 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" [redacted] 2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:15:08:34 +0100] "GET /core/.env HTTP/1.1" 302 1533 0/97951 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
show less
Bad Web Bot
Web App Attack
π«π·
ELYAZ
2026-06-07 12:24:21
(1 month ago)
(y3) Failed access -byebye- from 2a02:4780:b:733:0:277c:e93f:1 (Unknown): (CF_ENABLE)
Hacking
π©πͺ
LRob
2026-06-07 10:45:09
(1 month ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-07 05:37:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:733:0:277c:e93f:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:733:0:277c:e93f:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:37:47.571654 2026] [security2:error] [pid 14039:tid 14039] [client 2a02:4780:b:733:0:277c:e93f:1:19398] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tucsonareamarinemoms.com"] [uri "/dev/.env"] [unique_id "aiUDq_5-uErKyH1j1oXF5gAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-06 21:07:28
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:733:0:277c:e93f:1 (Unknown): 1 in t ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:733:0:277c:e93f:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 17:07:23.487515 2026] [security2:error] [pid 7720:tid 7720] [client 2a02:4780:b:733:0:277c:e93f:1:18014] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hotjive.com"] [uri "/.env"] [unique_id "aiSMC5H-jXu_omPk4Xq-AgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
aranguren.org
2026-06-06 20:06:51
(1 month ago)
2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:06:06:51 +1000] "GET /core/.env HTTP/1.1" 404 1140 "h ...
show more
2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:06:06:51 +1000] "GET /core/.env HTTP/1.1" 404 1140 "https://luisaranguren.com/core/.env" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:06:06:51 +1000] "GET /.env HTTP/1.1" 404 1130 "https://luisaranguren.com/.env" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:06:06:51 +1000] "GET /app/.env HTTP/1.1" 404 1138 "https://luisaranguren.com/app/.env" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2a02:4780:b:733:0:277c:e93f:1 - - [07/Jun/2026:06:06:51 +1000] "GET /api/.env HTTP/1.1" 404 1138 "https://luisaranguren.com/api/.env" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.
...
show less
Bad Web Bot
π¨π¦
lakered
2026-06-06 16:31:47
(1 month ago)
Detectors: [NGINX, CROWDSEC] | Reasons: CrowdSec: Security alert | Nginx Honeypot: Sensitive configu ...
show more
Detectors: [NGINX, CROWDSEC] | Reasons: CrowdSec: Security alert | Nginx Honeypot: Sensitive configuration file search | Tech Evidence: JA4H: 6ffaa43d4a770afc2f11ca03815de1dc, Incomplete-Browser-Profile (Missing: Accept, Accept-Encoding, Accept-Language), Fake-Chrome-Desktop (No-CH), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d190900), JA4: t13d190900 | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
show less
Web App Attack
Hacking
π«π·
dynamix
2026-06-06 14:05:27
(1 month ago)
Multiple WAF Violations
Web App Attack
πΊπΈ
interbiznw.com
2026-06-06 00:20:32
(1 month ago)
malicious-web-requests-vulnerability-scanning
Hacking
Brute-Force
Exploited Host
Web App Attack