๐บ๐ธ
TPI-Abuse
2026-07-17 22:05:29
(26 minutes ago)
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 18:05:23.658585 2026] [security2:error] [pid 1188095:tid 1188095] [client 38.253.224.89:58158] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chrisbilder.com"] [uri "/.env"] [unique_id "alqnI1RIeh3O1Yd6w0qP1AAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 22:01:54
(30 minutes ago)
Auto-ban: >3000 req/min op 2026-07-17
Web App Attack
SSH
Hacking
๐ฉ๐ช
Interceptor_HQ
2026-07-17 21:11:01
(1 hour ago)
request_uri: /.env -- automatic report --
Brute-Force
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 21:04:52
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 17:04:47.862036 2026] [security2:error] [pid 1249451:tid 1249451] [client 38.253.224.89:50986] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "charmainecruz.com"] [uri "/.env"] [unique_id "alqY7zNWzui0hWB83l9xrwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 20:42:20
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 16:42:16.335285 2026] [security2:error] [pid 438468:tid 438468] [client 38.253.224.89:59480] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "emmlogistics.com"] [uri "/.env"] [unique_id "alqTqIW03U-TWOMsmEFj3wAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 20:29:19
(2 hours ago)
automatically banned
Brute-Force
Web App Attack
๐ธ๐ฌ
Starburst SysOp Team
2026-07-17 20:12:30
(2 hours ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-sin2-2)
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 19:40:03
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 15:39:58.819746 2026] [security2:error] [pid 18911:tid 18911] [client 38.253.224.89:57964] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cdhcreations.com"] [uri "/.env"] [unique_id "alqFDlLZID_91OmgxVFoXQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
GAS
2026-07-17 19:24:09
(3 hours ago)
Bad Bot.
38.253.224.89 - - [17/Jul/2026:21:24:09 +0200] "GET /.env HTTP/1.1" 301 551 "-" "Mozilla/5. ...
show more
Bad Bot.
38.253.224.89 - - [17/Jul/2026:21:24:09 +0200] "GET /.env HTTP/1.1" 301 551 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "REDACTED" "-"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 19:08:50
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 15:08:43.393498 2026] [security2:error] [pid 6708:tid 6708] [client 38.253.224.89:58082] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adoniahenterprises.com"] [uri "/.env"] [unique_id "alp9u0lfAfPhmGOufhw23gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 19:07:25
(3 hours ago)
38.253.224.89 - - [18/Jul/2026:03:07:24 +0800] "GET /.env HTTP/1.1" 301 231 "-" "Mozilla/5.0 (X11; L ...
show more
38.253.224.89 - - [18/Jul/2026:03:07:24 +0800] "GET /.env HTTP/1.1" 301 231 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 19:06:05
(3 hours ago)
Trying to access config files
Web App Attack
๐จ๐ญ
SOC [GOLINE SA]
2026-07-17 19:02:07
(3 hours ago)
FortiGate detected IPS attack from IPv4 address 38.253.224.89
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 18:50:38
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 38.253.224.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 14:50:32.654577 2026] [security2:error] [pid 5109:tid 5109] [client 38.253.224.89:48530] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "carminestogo.com"] [uri "/.env"] [unique_id "alp5ePYfHd0bwP4YQkmaKgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-17 18:43:28
(3 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack