ππΊ
DumaNet
2025-12-17 01:42:00
(7 months ago)
Web app attack attempts, scanning for vulnerability.
Date: 2025 Dec 14. 05:48:38
Source IP: 34.222 ...
show more
Web app attack attempts, scanning for vulnerability.
Date: 2025 Dec 14. 05:48:38
Source IP: 34.222.143.142
Portion of the log(s):
34.222.143.142 - [14/Dec/2025:05:47:27 +0100] "GET /.env.example HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
34.222.143.142 - [14/Dec/2025:05:47:27 +0100] "GET /.env_sample HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
34.222.143.142 - [14/Dec/2025:05:47:21 +0100] "GET /.env.save HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
34.222.143.142 - [14/Dec/2025:05:47:20 +0100] "GET /.env.old HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
34.222.143.142 - [14/Dec/2025:05:47:19 +0100] "GET /.env.backup HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
34.222.143.142 - [14/Dec/2025:05:47:07 +0100] "GET /.env
show less
Web App Attack
π¬π§
[email protected]
2025-12-15 00:58:11
(7 months ago)
...
Brute-Force
SSH
π³π±
homeshowdomain.nl
2025-12-14 22:59:44
(7 months ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-12-13.
show less
Hacking
Web App Attack
SSH
πΊπΈ
TPI-Abuse
2025-12-14 08:19:00
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 34.222.143.142 (ec2-34-222-143-142.us-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 34.222.143.142 (ec2-34-222-143-142.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 14 03:18:54.330911 2025] [security2:error] [pid 26305:tid 26305] [client 34.222.143.142:53004] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "timjbutler.com"] [uri "/.env"] [unique_id "aT5y7irtWYXF7BblZ4h_dQAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-14 07:40:45
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 34.222.143.142 (ec2-34-222-143-142.us-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 34.222.143.142 (ec2-34-222-143-142.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 14 02:40:39.051887 2025] [security2:error] [pid 31387:tid 31387] [client 34.222.143.142:49942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "therustedtree.com"] [uri "/.env"] [unique_id "aT5p97pPqS56i1_vD1YGdAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-14 06:53:50
(7 months ago)
Portscan: TCP/443 (5x), TCP/80 (2x)
Port Scan
πΊπΈ
SLSLLC
2025-12-14 06:31:24
(7 months ago)
34.222.143.142 - - [14/Dec/2025:06:30:45 +0000] "GET /.env HTTP/2.0" 403 282 "-" "Mozilla/5.0 (Windo ...
show more
34.222.143.142 - - [14/Dec/2025:06:30:45 +0000] "GET /.env HTTP/2.0" 403 282 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
...
show less
Brute-Force
Web App Attack
π³πΏ
Antinson
2025-12-14 06:27:40
(7 months ago)
Scraping with a high error ratio and request rate
Bad Web Bot
πΊπΈ
COMPLEX
2025-12-14 05:58:58
(7 months ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
ASN: 16509 (AMAZO ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
ASN: 16509 (AMAZON-02)
Protocol: HTTP/1.1 (GET method)
Endpoint: /
show less
Bad Web Bot
π©πͺ
Mr-Money
2025-12-14 05:12:59
(7 months ago)
scenario: crowdsecurity/http-probing - events: 11
Hacking
Web App Attack
π¬π§
Swiptly
2025-12-14 04:23:48
(7 months ago)
Bot scanning for environment files .env .env/\*
...
Web App Attack
Anonymous
2025-12-14 04:20:40
(7 months ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection
Anonymous
2025-12-14 03:25:02
(7 months ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET /shows/ HTTP/1.1
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2025-12-14 03:09:49
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 34.222.143.142 (ec2-34-222-143-142.us-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 34.222.143.142 (ec2-34-222-143-142.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 13 22:09:44.250008 2025] [security2:error] [pid 24023:tid 24055] [client 34.222.143.142:58612] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "strikeunosports.com"] [uri "/.env"] [unique_id "aT4qeFtuPD-m7WUI_q4pZQAAAI0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
updown.io
2025-12-14 02:30:03
(7 months ago)
{"level":"info","ts":1765675272.5889318,"logger":"http.log.access.log1","msg":"handled request","req ...
show more
{"level":"info","ts":1765675272.5889318,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.222.143.142","remote_port":"37434","client_ip":"34.222.143.142","proto":"HTTP/1.1","method":"GET","host":"spntywwwwwwwwwwww.159.89.98.98.nip.io","uri":"/","headers":{}},"bytes_read":0,"user_id":"","duration":0.00005703,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://spntywwwwwwwwwwww.159.89.98.98.nip.io/"],"Content-Type":[]}}
{"level":"info","ts":1765678633.9217613,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.222.143.142","remote_port":"44292","client_ip":"34.222.143.142","proto":"HTTP/1.1","method":"GET","host":"starbucks.status.signorita.nl","uri":"/.git/config","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"]}},"bytes_read":0,"user_id":"","duration":0.00006112,"size":0,"status":308,"resp_headers":{"Location":["https://starbucks
...
show less
DDoS Attack
Web App Attack