🇳🇱
Site.eu
2026-07-02 07:52:28
(2 days ago)
Excessive multi-domain requests
Brute-Force
🇯🇵
ochanoko
2026-07-02 06:14:31
(2 days ago)
2026-07-02T15:14:28.035288+09:00 vm-67b67c06-8f nginx[1138809]: vm-67b67c06-8f nginx: 2026/07/02 15:14:28 [error] 1138809#1138809: *5769 access forbidden by rule, client: 2a09:bac1:7680:460::7d:8c, server: crm.ochanoko.biz, request: "GET /.env HTTP/1.1", host: "crm.ochanoko.biz"
2026-07-02T15:14:29.819716+09:00 vm-67b67c06-8f nginx[1138809]: vm-67b67c06-8f nginx: 2026/07/02 15:14:29 [error] 1138809#1138809: *5769 access forbidden by rule, client: 2a09:bac1:7680:460::7d:8c, server: crm.ochanoko.biz, request: "GET /.gcp/credentials.json HTTP/1.1", host: "crm.ochanoko.biz"
2026-07-02T15:14:29.956072+09:00 vm-67b67c06-8f nginx[1138809]: vm-67b67c06-8f nginx: 2026/07/02 15:14:29 [error] 1138809#1138809: *5774 access forbidden by rule, client: 2a09:bac1:7680:460::7d:8c, server: crm.ochanoko.biz, request: "GET /.config/gcloud/application_default_credentials.json HTTP/1.1", host: "crm.ochanoko.biz"
2026-07-02T15:14:30.118697+09:00 vm-67b67c06-8f nginx[1138809]: vm-67b67c06-8f nginx: 2026/07/02
...
Brute-Force
🇩🇪
igerman
2026-07-02 01:05:39
(2 days ago)
caddy probes: api: GET /api/.aws/config(404), GET /api/.aws/credentials(404), GET /api/config.json(404), GET /api/credentials.json(404), GET /api/secrets.json(DROP), GET /api/service-account.json(DROP), GET /api/serviceAccountKey.json(DROP) | cloud-creds: GET /.aws/config(DROP), GET /.aws/credentials(DROP) | env-probe: GET /.env(DROP), GET /app/.env(DROP) | web: GET /.npmrc(DROP), GET /.vercel/project.json(DROP), GET /app/.aws/credentials(404), GET /app/config.json(404), GET /app/credentials.json(404), GET /app/secrets.json(DROP), GET /app/serviceAccountKey.json(DROP), GET /appsettings.json(DROP), GET /config.json(DROP), GET /credentials.json(404), GET /flowise/api/v1/credentials(404), GET /secrets.json(DROP), GET /service-account.json(DROP), GET /serviceAccountKey.json(DROP)
Web App Attack
🇩🇪
maxpower
2026-07-02 00:46:20
(2 days ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a09:bac1:7680:460::7d:8c (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2a09:bac1:7680:460::7d:8c - - [02/Jul/2026:02:46:18 +0200] "GET /app/.aws/credentials HTTP/1.1" 404 1148 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" "-" host=gestionale.mediaqualitylab.com
2a09:bac1:7680:460::7d:8c - - [02/Jul/2026:02:46:18 +0200] "GET /backend/.aws/credentials HTTP/1.1" 404 1148 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" "-" host=gestionale.mediaqualitylab.com
Port Scan
🇺🇸
TPI-Abuse
2026-07-01 09:55:32
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac1:7680:460::7d:8c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 05:55:27.729328 2026] [security2:error] [pid 8977:tid 8977] [client 2a09:bac1:7680:460::7d:8c:48262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.billwegener.net"] [uri "/.env"] [unique_id "akTkDxZTL_CDjTk_6IWD0QAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇨🇭
Ribeye375
2026-07-01 06:13:07
(3 days ago)
HIPS web-exfiltration - Block tcp/0:65535
Web App Attack
🇫🇷
dynamix
2026-07-01 02:41:47
(3 days ago)
Multiple WAF Violations
Web App Attack
🇩🇪
LRob
2026-07-01 02:30:19
(3 days ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
🇺🇸
TPI-Abuse
2026-07-01 01:57:53
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac1:7680:460::7d:8c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 21:57:50.469108 2026] [security2:error] [pid 6248:tid 6248] [client 2a09:bac1:7680:460::7d:8c:40144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.scr-publications.com"] [uri "/.env"] [unique_id "akR0HmoaKcLTVC8Bq5LvWwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 23:47:26
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac1:7680:460::7d:8c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 19:47:18.929324 2026] [security2:error] [pid 26879:tid 26879] [client 2a09:bac1:7680:460::7d:8c:14198] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.lanistandifer.com"] [uri "/backend/.env"] [unique_id "akRVhvg3HIw_Rd3nVL12DwAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇱
Site.eu
2026-06-30 15:41:11
(3 days ago)
Excessive multi-domain requests
Brute-Force
🇺🇸
TPI-Abuse
2026-06-30 15:29:45
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac1:7680:460::7d:8c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:29:37.444469 2026] [security2:error] [pid 28085:tid 28085] [client 2a09:bac1:7680:460::7d:8c:64362] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.laurengardner.org"] [uri "/.env.production"] [unique_id "akPg4cG1XzwV9qcJXYQvawAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 13:05:06
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac1:7680:460::7d:8c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 09:04:59.675443 2026] [security2:error] [pid 9721:tid 9721] [client 2a09:bac1:7680:460::7d:8c:19154] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "harrygant.com"] [uri "/.env"] [unique_id "akO--0Ck-ZvXpagPsnKmiQAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Hazzard
2026-06-30 11:41:01
(4 days ago)
(mod_security) mod_security triggered on hostname [redacted]): (CF_ENABLE)
SQL Injection
🇺🇸
TPI-Abuse
2026-06-30 09:56:39
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 2a09:bac1:7680:460::7d:8c (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 05:56:31.865816 2026] [security2:error] [pid 3743:tid 3743] [client 2a09:bac1:7680:460::7d:8c:12032] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.transportdelivery.ewingmissouri.com"] [uri "/.env.swp"] [unique_id "akOSz0c-dbh7J-sQ7MFq_wAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack