๐ง๐ช
Scampi_ml
2026-06-10 13:42:01
(4 weeks ago)
66x HTTP 403/404 responses in short timeframe. Likely vulnerability scanner or brute-force attack on ...
show more
66x HTTP 403/404 responses in short timeframe. Likely vulnerability scanner or brute-force attack on web application paths.
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-25 09:52:18
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserve ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 25 05:52:11.372786 2025] [security2:error] [pid 4125:tid 4125] [client 2a02:c207:2262:5048::1:34328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chblanchard.fr"] [uri "/.env"] [unique_id "aNUQy7Bw4HINXJFLWkX5cQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
kumiko
2025-09-25 07:20:42
(9 months ago)
[2025-09-25 10:20:41] Probing for dotfiles
"GET /.env HTTP/1.1" 403
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2025-09-25 06:23:37
(9 months ago)
146 requests with url.path *.env
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-09-25 04:45:23
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserve ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 25 00:45:18.736664 2025] [security2:error] [pid 31507:tid 31507] [client 2a02:c207:2262:5048::1:37976] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.anenchantingevening.com"] [uri "/.env"] [unique_id "aNTI3qqC4dYxGxy0DPgXuQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
cycastic
2025-09-25 02:37:02
(9 months ago)
Probed /.aws/credentials on 09/25/2025 02:36:09 +00:00 (UA: Mozilla/5.0, Query: )
Probed /.aws/crede ...
show more
Probed /.aws/credentials on 09/25/2025 02:36:09 +00:00 (UA: Mozilla/5.0, Query: )
Probed /.aws/credentials on 09/25/2025 02:36:08 +00:00 (UA: Mozilla/5.0, Query: )
Probed /vendor/.env on 09/25/2025 02:36:03 +00:00 (UA: Mozilla/5.0, Query: )
Probed /vendor/.env on 09/25/2025 02:36:02 +00:00 (UA: Mozilla/5.0, Query: )
Probed /node-api/.env on 09/25/2025 02:35:58 +00:00 (UA: Mozilla/5.0, Query: )
Probed /node-api/.env on 09/25/2025 02:35:57 +00:00 (UA: Mozilla/5.0, Query: )
Probed /nextjs-app/.env on 09/25/2025 02:35:55 +00:00 (UA: Mozilla/5.0, Query: )
Probed /nextjs-app/.env on 09/25/2025 02:35:54 +00:00 (UA: Mozilla/5.0, Query: )
Probed /library/.env on 09/25/2025 02:35:52 +00:00 (UA: Mozilla/5.0, Query: )
Probed /library/.env on 09/25/2025 02:35:51 +00:00 (UA: Mozilla/5.0, Query: )
show less
Web App Attack
๐ซ๐ท
dynamix
2025-09-24 23:56:49
(9 months ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-24 23:45:36
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserve ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 24 19:45:30.844514 2025] [security2:error] [pid 30573:tid 30573] [client 2a02:c207:2262:5048::1:52528] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "20lessons.com"] [uri "/.env"] [unique_id "aNSCmjxnv7aQAeLuzaF3EAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ps-center
2025-09-24 22:36:01
(9 months ago)
MYH: Web Attack GET /admin/config?cmd=cat+/root/.aws/credentials
Web Spam
Hacking
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2025-09-24 22:03:38
(9 months ago)
Excessive multi-domain requests
Brute-Force
๐ซ๐ท
Micorksen
2025-09-24 21:15:24
(9 months ago)
[24/Sep/2025:23:15:23.136563 +0200] aNRfax3Kw1Ul4OFGijOGtAAAABE 2a02:c207:2262:5048::1 42810 2a10:46 ...
show more
[24/Sep/2025:23:15:23.136563 +0200] aNRfax3Kw1Ul4OFGijOGtAAAABE 2a02:c207:2262:5048::1 42810 2a10:4646:120::50 7081
[24/Sep/2025:23:15:23.162469 +0200] aNRfax3Kw1Ul4OFGijOGtQAAABI 2a02:c207:2262:5048::1 42822 2a10:4646:120::50 7081
[24/Sep/2025:23:15:23.182883 +0200] aNRfa0KsvMVDOJ95_1S0NAAAAEI 2a02:c207:2262:5048::1 42838 2a10:4646:120::50 7081
[24/Sep/2025:23:15:23.825926 +0200] aNRfa0KsvMVDOJ95_1S0NgAAAEQ 2a02:c207:2262:5048::1 42844 2a10:4646:120::50 7081
[24/Sep/2025:23:15:23.856828 +0200] aNRfa0KsvMVDOJ95_1S0NwAAAEU 2a02:c207:2262:5048::1 42852 2a10:4646:120::50 7081
show less
Exploited Host
๐ซ๐ท
Micorksen
2025-09-24 00:26:44
(9 months ago)
[24/Sep/2025:02:25:45.632053 +0200] aNM6iUKsvMVDOJ95_1Sz4QAAAEs 2a02:c207:2262:5048::1 40758 2a10:46 ...
show more
[24/Sep/2025:02:25:45.632053 +0200] aNM6iUKsvMVDOJ95_1Sz4QAAAEs 2a02:c207:2262:5048::1 40758 2a10:4646:120::50 7081
[24/Sep/2025:02:26:02.168361 +0200] aNM6mh3Kw1Ul4OFGijOGhQAAAAY 2a02:c207:2262:5048::1 56170 2a10:4646:120::50 7081
[24/Sep/2025:02:26:03.998776 +0200] aNM6m0KsvMVDOJ95_1Sz4gAAAEc 2a02:c207:2262:5048::1 45466 2a10:4646:120::50 7081
[24/Sep/2025:02:26:38.891394 +0200] aNM6vkKsvMVDOJ95_1Sz5AAAAE4 2a02:c207:2262:5048::1 37302 2a10:4646:120::50 7081
[24/Sep/2025:02:26:44.084403 +0200] aNM6xEKsvMVDOJ95_1Sz5QAAAE0 2a02:c207:2262:5048::1 34596 2a10:4646:120::50 7081
show less
Exploited Host
๐ณ๐ฑ
Mangelot Hosting
2025-09-23 21:36:56
(9 months ago)
(modsecurity) srv104 ModSecurity 2a02:c207:2262:5048::1 (Unknown): 5 in the last 3600 secs; Ports: * ...
show more
(modsecurity) srv104 ModSecurity 2a02:c207:2262:5048::1 (Unknown): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ฉ๐ช
Bedios GmbH
2025-09-23 21:05:11
(9 months ago)
Login credentials theft attempt
Hacking
๐บ๐ธ
TPI-Abuse
2025-09-23 16:23:50
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserve ...
show more
(mod_security) mod_security (id:210492) triggered by 2a02:c207:2262:5048::1 (vmi2625048.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 23 12:23:44.640420 2025] [security2:error] [pid 22822:tid 22822] [client 2a02:c207:2262:5048::1:37144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.thesunvegan.com"] [uri "/.env"] [unique_id "aNLJkJ0-FrTETlqwVRuPiAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack