๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 22:03:24
(1 day ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-16.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 01:50:54
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:50:47.230304 2026] [security2:error] [pid 23355:tid 23355] [client 3.107.140.163:41948] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.amybeam.info.amybeam.com"] [uri "/.env.local"] [unique_id "almKd4eovt37imwh1HkzZQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-17 01:42:21
(2 days ago)
Try to access /.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:15:23
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:15:18.909482 2026] [security2:error] [pid 60559:tid 60559] [client 3.107.140.163:20184] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jodstar.com"] [uri "/tmp/.env"] [unique_id "almCJninRh0S1kTsMNwuSQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-17 00:26:35
(2 days ago)
Web attack/malicious scanning detected
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-07-16 22:53:59
(2 days ago)
Probing websites for vulnerabilities
Web App Attack
SQL Injection
๐จ๐ญ
4server
2026-07-16 22:12:52
(2 days ago)
[FriJul1700:12:47.2165902026][security2:error][pid1535080:tid1535356][client3.107.140.163:0]ModSecur ...
show more
[FriJul1700:12:47.2165902026][security2:error][pid1535080:tid1535356][client3.107.140.163:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"mail.teatrotangram.ch.81-17-25-250.cpanel.site\"][uri\"/.env\"][unique_id\"allXXxutCskc09hW8kvsQgAAAUk\"]
show less
Hacking
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:03:57
(2 days ago)
Auto-ban: >3000 req/min op 2026-07-16
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 21:59:15
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:59:07.711517 2026] [security2:error] [pid 19214:tid 19214] [client 3.107.140.163:47496] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.mumawvickers.com"] [uri "/.env.staging"] [unique_id "allUKw6uiMYW-JZIjZhU3QAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:03:26
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:03:21.979175 2026] [security2:error] [pid 6476:tid 6476] [client 3.107.140.163:37341] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stevedegroodt.com"] [uri "/.env.production"] [unique_id "alk5CQBJqY5jxTGe05IAMgAAAFg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 19:17:54
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:17:49.150219 2026] [security2:error] [pid 29199:tid 29199] [client 3.107.140.163:40262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alavida.cr.galvez.cc"] [uri "/.env.dev"] [unique_id "alkuXeSU1wFcoANgQpkkZwAAACc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 18:47:46
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:47:21.790897 2026] [security2:error] [pid 26274:tid 26274] [client 3.107.140.163:12140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.diary.kleens-uk.com"] [uri "/.env"] [unique_id "alknOfHkzRS0aYfsB2XuoAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-16 18:05:04
(2 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 17:44:50
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2 ...
show more
(mod_security) mod_security (id:210492) triggered by 3.107.140.163 (ec2-3-107-140-163.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:44:11.082237 2026] [security2:error] [pid 13234:tid 13288] [client 3.107.140.163:56766] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eafm.org"] [uri "/wp-config.php~"] [unique_id "alkYa2JsOKpnnDkB0xUrZwAAARM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-16 17:22:25
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack