caddy probes: env-probe: GET /.env(DROP), GET /.env.backup(DROP), GET /.env.backup.txt(DROP), GET /. ...
show morecaddy probes: env-probe: GET /.env(DROP), GET /.env.backup(DROP), GET /.env.backup.txt(DROP), GET /.env.bak(DROP), GET /.env.copy(DROP), GET /.env.default(DROP), GET /.env.dev(DROP), GET /.env.dev.local(DROP), GET /.env.development(DROP), GET /.env.dist(DROP), GET /.env.docker(DROP), GET /.env.local(DROP), GET /.env.local.bak(DROP), GET /.env.old(DROP), GET /.env.pre-production(DROP), GET /.env.prod(DROP), GET /.env.prod.bak(DROP), GET /.env.production(DROP), GET /.env.production.bak(DROP), GET /.env.sample(DROP), GET /.env.save(DROP), GET /.env.stage(DROP), GET /.env.staging(DROP), GET /.env.template(DROP), GET /.env.testing(DROP)
show less
{"level":"info","ts":1781154055.5230181,"logger":"http.log.access.log1","msg":"handled request","req ...
show more{"level":"info","ts":1781154055.5230181,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.88.214.123","remote_port":"57642","client_ip":"34.88.214.123","proto":"HTTP/1.1","method":"GET","host":"qpsrqpojihgfedcbwwwc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.old","headers":{"Connection":["close"],"User-Agent":["Mozilla/5.0 (Linux; Android 8.1.0; Nexus 6P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.000053061,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://qpsrqpojihgfedcbwwwc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.old"],"Content-Type":[]}}
{"level":"info","ts":1781154055.5272074,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.88.214.123","remote_port":"57646","client_ip":"34
...
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-09.
show less
(y3) Failed access -byebye- from 34.88.214.123 (FI/Finland/123.214.88.34.bc.googleusercontent.com): ...
show more(y3) Failed access -byebye- from 34.88.214.123 (FI/Finland/123.214.88.34.bc.googleusercontent.com): (CF_ENABLE)
show less
Hacking
Anonymous
(caddyscan) Scanner path probe from 34.88.214.123 (123.214.88.34.bc.googleusercontent.com): 5 in the ...
show more(caddyscan) Scanner path probe from 34.88.214.123 (123.214.88.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.88.214.123 - - [10/Jun/2026:17:56:53 +0000] "GET /v2/.env HTTP/1.1"
[REDACTED] 200 2627 34.88.214.123 - - [10/Jun/2026:17:56:53 +0000] "GET /prod/.env HTTP/1.1"
[REDACTED] 200 2627 34.88.214.123 - - [10/Jun/2026:17:56:53 +0000] "GET /stage/.env HTTP/1.1"
[REDACTED] 200 2627 34.88.214.123 - - [10/Jun/2026:17:56:53 +0000] "GET /.env.example HTTP/1.1"
[REDACTED] 200 2627 34.88.214.123 - - [10/Jun/2026:17:56:53 +0000] "GET /staging/.env HTTP/1.1"
show less
{"level":"info","ts":1781046179.4690015,"logger":"http.log.access.log1","msg":"handled request","req ...
show more{"level":"info","ts":1781046179.4690015,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.88.214.123","remote_port":"57152","client_ip":"34.88.214.123","proto":"HTTP/1.1","method":"GET","host":"update.kjidcbihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env","headers":{"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"],"Accept-Charset":["utf-8"]}},"bytes_read":0,"user_id":"","duration":0.000068651,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://update.kjidcbihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env"],"Content-Type":[]}}
{"level":"info","ts":1781046179.4824667,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.88.214.123","remote_port":"57160","client_ip":"34.88.214.123","proto":"HTTP
...
show less
DDoS Attack
Web App Attack
Showing 1 to
15
of 39 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ