๐ฉ๐ช
big-cloud.nl
2026-06-21 12:51:23
(1 week ago)
Try to access /.aws/credentials
Web App Attack
๐ฎ๐ฉ
soc-yk
2026-06-21 03:30:15
(1 week ago)
Type: suspicious_network_activity
Risk: 98
Events: 79
Evidence:
- Persistent suspicious network act ...
show more
Type: suspicious_network_activity
Risk: 98
Events: 79
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Multi-event operational persistence identified
- Threat escalation behavior observed
show less
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-21 01:10:22
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c663::1 (Unknown): 1 in the last 30 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c663::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 21:10:17.983774 2026] [security2:error] [pid 19017:tid 19030] [client 2a06:a880:5:c663::1:42028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sujugada.com"] [uri "/.env.example"] [unique_id "ajc5-bk3TQnADcgj_Ay9LwAAAEM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-20 22:30:17
(1 week ago)
Brute-Force
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-20 16:41:55
(1 week ago)
2a06:a880:5:c663::1 - - [20/Jun/2026:19:41:50 +0300] "GET /admin/.env HTTP/1.1" 404 650 "-" "Mozilla ...
show more
2a06:a880:5:c663::1 - - [20/Jun/2026:19:41:50 +0300] "GET /admin/.env HTTP/1.1" 404 650 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)"
2a06:a880:5:c663::1 - - [20/Jun/2026:19:41:54 +0300] "GET /app/.env HTTP/1.1" 404 4586 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)"
...
show less
Web App Attack
๐ฆ๐บ
Anytech
2026-06-20 15:35:36
(1 week ago)
Blocked by Conn-Monitor: Web scanning activity
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 15:21:41
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c663::1 (Unknown): 1 in the last 30 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c663::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 11:21:34.172135 2026] [security2:error] [pid 14241:tid 14241] [client 2a06:a880:5:c663::1:48648] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.henhousebbq.com"] [uri "/.env"] [unique_id "ajav_tNlg6IIiRk4tH_-8wAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
macrob
2026-06-20 12:30:35
(1 week ago)
2026/06/20 12:30:33 [error] 3211635#3211635: *318639433 access forbidden by rule, client: 2a06:a880: ...
show more
2026/06/20 12:30:33 [error] 3211635#3211635: *318639433 access forbidden by rule, client: 2a06:a880:5:c663::1, server: fn.binixo.es, request: "GET /.env.example HTTP/2.0", host: "www.fastcredit.net.ua"
2026/06/20 12:30:33 [error] 3211635#3211635: *318639433 access forbidden by rule, client: 2a06:a880:5:c663::1, server: fn.binixo.es, request: "GET /.env HTTP/2.0", host: "www.fastcredit.net.ua"
2026/06/20 12:30:34 [error] 3211635#3211635: *318639436 access forbidden by rule, client: 2a06:a880:5:c663::1, server: fn.binixo.es, request: "GET /api/.env HTTP/2.0", host: "www.fastcredit.net.ua"
...
show less
Web App Attack
๐ฉ๐ช
LRob.fr
2026-06-20 12:15:05
(1 week ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
ipblock.com
2026-06-20 11:31:00
(1 week ago)
IPBlock protected site ID [669-fx].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Roderic
2026-06-20 10:24:57
(1 week ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted])
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-20 08:33:01
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c663::1 (Unknown): 1 in the last 30 ...
show more
(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c663::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 04:32:56.730227 2026] [security2:error] [pid 6224:tid 6224] [client 2a06:a880:5:c663::1:51812] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "namefinder.com"] [uri "/.env"] [unique_id "ajZQOFhgrXK6UTH2Zhqw8AAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-20 07:26:33
(1 week ago)
Too many successive quick attempts with error status 301, 404, 405, 444, 403 or 400
Bad Web Bot
๐ซ๐ท
dynamix
2026-06-20 05:27:47
(1 week ago)
Multiple WAF Violations
Web App Attack
๐ฌ๐ง
Marten Mark
2026-06-20 05:12:44
(1 week ago)
2a06:a880:5:c663::1 - - [20/Jun/2026:05:12:43 +0000] "GET /.aws/credentials HTTP/2.0" 404 24193 "-" ...
show more
2a06:a880:5:c663::1 - - [20/Jun/2026:05:12:43 +0000] "GET /.aws/credentials HTTP/2.0" 404 24193 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot"
...
show less
Web App Attack
Bad Web Bot