π©πͺ
sdos.es
2026-07-19 02:52:55
(5 minutes ago)
"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"
Web App Attack
πΊπΈ
jcbriar
2026-07-19 02:07:33
(50 minutes ago)
Searching for vulnerable scripts
Hacking
Web App Attack
Anonymous
2026-07-19 01:47:03
(1 hour ago)
Bot / scanning and/or hacking attempts: GET /wp-config.php.bak HTTP/2.0, GET / HTTP/2.0
Hacking
Web App Attack
πΊπΈ
Matthew Ping
2026-07-19 01:45:01
(1 hour ago)
ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
π©πͺ
EGP Abuse Dept
2026-07-19 01:09:58
(1 hour ago)
Scanning for web/db/file exploits on www.stroomaanboord.nl
SQL Injection
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-19 00:43:29
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 20:43:21.137255 2026] [security2:error] [pid 1946216:tid 1946216] [client 34.129.109.212:41996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "struver.net"] [uri "/.git/config"] [unique_id "alwdqQzniaMiOmnVPIKlfAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
β¨
2026-07-19 00:40:10
(2 hours ago)
Domain : studicarinci.it
Rule : env
2026-07-19 00:38:44 ***hidden-privacy*** GET /.env.example - 443 ...
show more
Domain : studicarinci.it
Rule : env
2026-07-19 00:38:44 ***hidden-privacy*** GET /.env.example - 443 - 34.129.109.212 HTTP/2.0 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; MistralAI-User/1.0 - studicarinci.it 301 0 0 419 191 307 - -
show less
Hacking
SQL Injection
π¬π§
Oakley
2026-07-19 00:08:52
(2 hours ago)
(confirmed_bot_sig) Confirmed bot
Hacking
πΊπΈ
TPI-Abuse
2026-07-18 23:44:04
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 19:43:57.543263 2026] [security2:error] [pid 1187564:tid 1187564] [client 34.129.109.212:39146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "strawberryhillchristmas.com"] [uri "/config/.env"] [unique_id "alwPvXgejV9n1GtzN4y7WAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-18 23:36:52
(3 hours ago)
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env.php.bak HTTP/1.1" 403 199 "-" "Mozilla/5. ...
show more
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env.php.bak HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected] )" 34.129.109.212
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env HTTP/1.1" 403 199 "-" "anthropic-ai" 34.129.109.212
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env.example HTTP/1.1" 403 199 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected] " 34.129.109.212
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env.production HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 34.129.109.212
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env.dev HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 34.129.109.212
34.129.109.212 - - [18/Jul/2026:18:36:51 -0500] "GET /.env.local HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Amzn-SearchBot/1.0; +https://
...
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
big-cloud.nl
2026-07-18 23:14:41
(3 hours ago)
Try to access /.git/HEAD
Web App Attack
π©πͺ
sdos.es
2026-07-18 23:10:53
(3 hours ago)
"URL file extension is restricted by policy - .com"
Web App Attack
π«π·
dynamix
2026-07-18 21:55:30
(5 hours ago)
Multiple WAF Violations
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-18 21:49:32
(5 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 17:49:26.281118 2026] [security2:error] [pid 26517:tid 26517] [client 34.129.109.212:57052] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||stieber.net|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stieber.net"] [uri "/rclone.conf"] [unique_id "alv05rsVbluM9SwryaIEgwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-18 20:50:06
(6 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210730) triggered by 34.129.109.212 (212.109.129.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 16:50:02.016266 2026] [security2:error] [pid 3379871:tid 3379879] [client 34.129.109.212:59108] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||stoborough.com|F|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stoborough.com"] [uri "/rclone.conf"] [unique_id "alvm-reTI8oOydrXJGRWAAAAAIY"]
show less
Brute-Force
Bad Web Bot
Web App Attack