π©πͺ
BlueWire Hosting
2026-06-08 04:12:30
(2 weeks ago)
Probing websites for vulnerabilities
Web App Attack
SQL Injection
πΊπΈ
TPI-Abuse
2026-06-08 03:08:44
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 23:08:38.503500 2026] [security2:error] [pid 16070:tid 16070] [client 2a02:4780:b:737:0:225d:dee:1:32312] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sailsara.com"] [uri "/core/.env"] [unique_id "aiYyNrHfDQgjoTbHvIch5wAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 02:47:32
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:47:28.314242 2026] [security2:error] [pid 661:tid 661] [client 2a02:4780:b:737:0:225d:dee:1:20276] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stellabluesales.com"] [uri "/core/.env.save"] [unique_id "aiYtQHIPSo0qUjSL8dyeogAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 01:47:44
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:47:37.604416 2026] [security2:error] [pid 20599:tid 20599] [client 2a02:4780:b:737:0:225d:dee:1:47682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rockitfish.com"] [uri "/members/.env"] [unique_id "aiYfOfhF--sS84rAqRJoRgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
2000cn.com.au
2026-06-08 01:28:35
(2 weeks ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
πΊπΈ
TPI-Abuse
2026-06-08 01:03:05
(2 weeks ago)
(mod_security) mod_security (id:949110) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:949110) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:02:57.204611 2026] [security2:error] [pid 23949:tid 23949] [client 2a02:4780:b:737:0:225d:dee:1:26458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dcagroupusa.com"] [uri "/dev/.env"] [unique_id "aiYUwWwmraWKZNua3kb7dQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
homeshowdomain.nl
2026-06-07 22:07:36
(2 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06.
show less
Web App Attack
SSH
Hacking
π¨π¦
lakered
2026-06-07 21:38:20
(2 weeks ago)
Detectors: [NGINX, CROWDSEC] | Reasons: CrowdSec: Security alert | Nginx Honeypot: Sensitive configu ...
show more
Detectors: [NGINX, CROWDSEC] | Reasons: CrowdSec: Security alert | Nginx Honeypot: Sensitive configuration file search | Tech Evidence: JA4H: 6ffaa43d4a770afc2f11ca03815de1dc, Incomplete-Browser-Profile (Missing: Accept, Accept-Encoding, Accept-Language), Fake-Chrome-Desktop (No-CH), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d190900), JA4: t13d190900 | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
show less
Web App Attack
Hacking
πΊπΈ
TPI-Abuse
2026-06-07 20:30:52
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:30:48.692168 2026] [security2:error] [pid 12603:tid 12603] [client 2a02:4780:b:737:0:225d:dee:1:33138] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teguer.com"] [uri "/core/.env"] [unique_id "aiXU-OpsuNyvny0pMXzvCQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
e.fierstra
2026-06-07 19:26:06
(2 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
π©πͺ
LRob.fr
2026-06-07 19:15:04
(2 weeks ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-07 17:45:43
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:45:35.656487 2026] [security2:error] [pid 30605:tid 30605] [client 2a02:4780:b:737:0:225d:dee:1:28306] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "collectivedzgn.com"] [uri "/admin/.env"] [unique_id "aiWuPw9q6O97zrZbkyiTrAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 16:58:30
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:58:24.148125 2026] [security2:error] [pid 20944:tid 20944] [client 2a02:4780:b:737:0:225d:dee:1:38786] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hkaida.com"] [uri "/admin/.env"] [unique_id "aiWjMMZmKOFS9KfXTzJPwgAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 16:07:38
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:07:32.926268 2026] [security2:error] [pid 26882:tid 26882] [client 2a02:4780:b:737:0:225d:dee:1:50850] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cienmalos.com"] [uri "/dev/.env"] [unique_id "aiWXRCq0yZBdTkb6QpEsxwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 15:13:46
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in th ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:4780:b:737:0:225d:dee:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:13:41.093749 2026] [security2:error] [pid 26669:tid 26669] [client 2a02:4780:b:737:0:225d:dee:1:54632] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alfredintelligence.com"] [uri "/members/.env"] [unique_id "aiWKpSlPPZFHxbuUCwf-TQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack