๐ฉ๐ช
Holger
2026-07-16 06:09:43
(1 hour ago)
URL probing: GET /.env
Web App Attack
๐ณ๐ฑ
SysAdmin Dylan
2026-07-16 05:54:41
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (US/United States/ec2-34-216-236- ...
show more
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (US/United States/ec2-34-216-236-30.us-west-2.compute.amazonaws.com): 10 in the last 3600 secs
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 05:51:10
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (ec2-34-216-236-30.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (ec2-34-216-236-30.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:51:04.745251 2026] [security2:error] [pid 13939:tid 13939] [client 34.216.236.30:37874] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "insurance4you.agency"] [uri "/.git/config"] [unique_id "alhxSMkEZW2eqpbzDA0A6QAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-16 05:36:16
(1 hour ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: /.git/config | 5 distinct paths | UA: Mozilla/5. ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: /.git/config | 5 distinct paths | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 05:28:17
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (ec2-34-216-236-30.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (ec2-34-216-236-30.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:28:11.092936 2026] [security2:error] [pid 24311:tid 24311] [client 34.216.236.30:60430] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "insua.com"] [uri "/.git/config"] [unique_id "alhr6wpKu64PqfySYwJSXAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 03:33:14
(3 hours ago)
(caddyscan) Scanner path probe from 34.216.236.30 (US/United States/ec2-34-216-236-30.us-west-2.comp ...
show more
(caddyscan) Scanner path probe from 34.216.236.30 (US/United States/ec2-34-216-236-30.us-west-2.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.216.236.30 - - [16/Jul/2026:03:33:09 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 34.216.236.30 - - [16/Jul/2026:03:33:09 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 34.216.236.30 - - [16/Jul/2026:03:33:09 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 34.216.236.30 - - [16/Jul/2026:03:33:09 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 34.216.236.30 - - [16/Jul/2026:03:33:09 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐ช๐ธ
alferez
2026-07-15 19:51:21
(11 hours ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 15:04:36
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (ec2-34-216-236-30.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 34.216.236.30 (ec2-34-216-236-30.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 11:04:30.709961 2026] [security2:error] [pid 4615:tid 4615] [client 34.216.236.30:49592] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.freeformbrush.com"] [uri "/.git/config"] [unique_id "alehfuOgDO4A-4dEuZGFuAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-14 13:05:06
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack