๐ณ๐ฑ
homeshowdomain.nl
2026-06-16 22:01:05
(2 weeks ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-15.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-15 18:16:39
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 34.75.119.172 (172.119.75.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210730) triggered by 34.75.119.172 (172.119.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:16:31.515904 2026] [security2:error] [pid 6967:tid 6967] [client 34.75.119.172:51690] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||zoesaadeh.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "zoesaadeh.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "ajBBf3rX8OxNxdM2gcc_twAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐น
penguin-solutions.at
2026-06-15 18:05:02
(3 weeks ago)
Excessive 403/404 errors
...
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 18:00:26
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 34.75.119.172 (172.119.75.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210831) triggered by 34.75.119.172 (172.119.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:00:21.224172 2026] [security2:error] [pid 19329:tid 19329] [client 34.75.119.172:53162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||crucialpins.com|F|4"] [data "Web Downloader"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "crucialpins.com"] [uri "/heapdump"] [unique_id "ajA9tQleBu_ZxNmpmNHh_QAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-06-15 02:05:27
(3 weeks ago)
Abuse Detected (37)
Brute-Force
Web App Attack
Anonymous
2026-06-15 01:20:04
(3 weeks ago)
Bot / scanning and/or hacking attempts: GET /frontend/.env.staging HTTP/1.1, GET /backend/.env.prod ...
show more
Bot / scanning and/or hacking attempts: GET /frontend/.env.staging HTTP/1.1, GET /backend/.env.prod HTTP/1.1, GET /backend/.env.local HTTP/1.1, GET /.env.production HTTP/1.1, GET /env.bak HTTP/1.1, GET /.env.bak HTTP/1.1, GET /.env.copy HTTP/1.1, GET /.env.save HTTP/1.1, GET /qa/.env HTTP/1.1, GET /v2/.env HTTP/1.1, GET /backend/.env.dev HTTP/1.1, GET /prod/.env HTTP/1.1, GET /stage/.env HTTP/1.1, GET /backend/.env.old HTTP/1.1, GET /backend/api/.env HTTP/1.1, GET /sendgrid/.env.backup HTTP/1.1, GET /staging/.env HTTP/1.1
show less
Hacking
Web App Attack
๐ฏ๐ต
jup10393
2026-06-15 00:33:00
(3 weeks ago)
172.119.75.34.bc.googleusercontent.com [34.75.119.172] - - [15/Jun/2026:05:17:31 +0900] "GET /api/.e ...
show more
172.119.75.34.bc.googleusercontent.com [34.75.119.172] - - [15/Jun/2026:05:17:31 +0900] "GET /api/.env HTTP/1.1" 406 289 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
Cloud86 B.V.
2026-06-15 00:26:02
(3 weeks ago)
categories: DDoS Attack
DDoS Attack
๐ณ๐ฑ
e.fierstra
2026-06-14 23:18:41
(3 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-14 21:41:46
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 34.75.119.172 (172.119.75.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210492) triggered by 34.75.119.172 (172.119.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 17:41:41.456382 2026] [security2:error] [pid 2230:tid 2230] [client 34.75.119.172:46988] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oceanrich.biz"] [uri "/.env.orig"] [unique_id "ai8gFbqU0Ou4xRRgXHcuhQAAAIQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐พ
lns.bz
2026-06-14 14:39:06
(3 weeks ago)
Too many 404 requests [BY]
Web App Attack
๐ณ๐ฑ
cybertailor
2026-06-14 12:30:50
(3 weeks ago)
34.75.119.172 - - [14/Jun/2026:17:30:47 +0500] "GET /.env.development HTTP/1.1" 404 146 "-" "Mozilla ...
show more
34.75.119.172 - - [14/Jun/2026:17:30:47 +0500] "GET /.env.development HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Camino/2.2.1"
34.75.119.172 - - [14/Jun/2026:17:30:47 +0500] "GET /.env.qa HTTP/1.1" 404 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
34.75.119.172 - - [14/Jun/2026:17:30:47 +0500] "GET /.env.uat HTTP/1.1" 404 178 "-" "Mozilla/5.0 (Linux; Android 8.0.0; moto e5 plus Build/OPPS27.91-122-3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.126 Mobile Safari/537.36"
34.75.119.172 - - [14/Jun/2026:17:30:47 +0500] "GET /.env.backup HTTP/1.1" 404 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
34.75.119.172 - - [14/Jun/2026:17:30:47 +0500] "GET /.env.production.bak HTTP/1.1" 404 178 "-" "Mozilla/5.0 (Linux; Android 7.0; Lenovo K33a42) AppleWebKit/537.36 (KHT
...
show less
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-14 09:08:30
(3 weeks ago)
Excessive 404/403 errors
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-14 07:18:30
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 34.75.119.172 (172.119.75.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:210492) triggered by 34.75.119.172 (172.119.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 03:18:27.395066 2026] [security2:error] [pid 27762:tid 27762] [client 34.75.119.172:56848] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stickittomestickerscom.stickittomebuttons.com"] [uri "/.env.demo"] [unique_id "ai5Vw8lx-COEYsVG0YJvMwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-06-14 04:20:04
(3 weeks ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack