๐ณ๐ฑ
homeshowdomain.nl
2026-06-09 22:02:11
(1 month ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-08.
show less
Web App Attack
SSH
Hacking
Anonymous
2026-06-08 22:12:00
(1 month ago)
http scanning for .env files
...
Hacking
Web App Attack
๐ฉ๐ช
seal
2026-06-08 21:05:43
(1 month ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
SSH
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-08 13:18:02
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 09:17:54.162305 2026] [security2:error] [pid 4373:tid 4373] [client 34.125.190.218:47354] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chalet-4saisons.com"] [uri "/.env.save"] [unique_id "aibBAlljUXpwd0KFDtJdhgAAAHE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 11:28:49
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 07:28:42.394614 2026] [security2:error] [pid 32668:tid 32668] [client 34.125.190.218:40248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cdalakefrontcabin.com"] [uri "/.env.dev"] [unique_id "aianarlGVnOtdbRiPqsANQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 09:39:38
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:39:33.881380 2026] [security2:error] [pid 27270:tid 27270] [client 34.125.190.218:34504] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cherryblossomplayers.royal-barbershop.com"] [uri "/api/.env.staging"] [unique_id "aiaN1VHQnKs_ztdHolaBDgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
updown.io
2026-06-08 07:20:41
(1 month ago)
{"level":"info","ts":1780903234.301037,"logger":"http.log.access.log1","msg":"handled request","requ ...
show more
{"level":"info","ts":1780903234.301037,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.125.190.218","remote_port":"38880","client_ip":"34.125.190.218","proto":"HTTP/1.1","method":"GET","host":"update.wzyxwvutsrqponqponmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.old","headers":{"User-Agent":["Mozilla/5.0 (X11; CrOS x86_64 12105.100.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.144 Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000259925,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://update.wzyxwvutsrqponqponmlkjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.old"]}}
{"level":"info","ts":1780903234.3025384,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.125.190.218","remote_port":"388
...
show less
DDoS Attack
Web App Attack
๐บ๐ธ
kosada.com
2026-06-08 07:07:43
(1 month ago)
Web vulnerability probing: /development/.env
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-08 06:56:22
(1 month ago)
Excessive 404/403 errors
Brute-Force
๐ซ๐ท
dynamix
2026-06-08 04:09:00
(1 month ago)
Multiple WAF Violations
Web App Attack
๐ฎ๐น
VHosting
2026-06-08 02:45:03
(1 month ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 02:28:20
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.125.190.218 (218.190.125.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:28:17.662272 2026] [security2:error] [pid 20791:tid 20791] [client 34.125.190.218:37324] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kateshendge.com.sigi.biz"] [uri "/.env.backup.txt"] [unique_id "aiYowXZ3HyjP8M_5nT5RTwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-08 00:50:21
(1 month ago)
Aggressive web scan
Web App Attack