π§πͺ
boxed-it
2026-07-15 18:08:24
(1 day ago)
GET /config/.env (Tarpitted for 1d15h8m28s, wasted 8.06MB)
Web App Attack
π§πͺ
sid3windr
2026-07-15 16:05:06
(1 day ago)
GET /config/secrets.yaml (Tarpitted for 1d15h8m29s, wasted 8.06MB)
Web App Attack
π§πͺ
boxed-it
2026-07-15 14:21:34
(1 day ago)
GET /config/config.json (Tarpitted for 1d14h7m46s, wasted 7.85MB)
Web App Attack
πΈπ¬
Starburst SysOp Team
2026-07-14 10:09:37
(2 days ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-sin2-2)
Hacking
Web App Attack
π©πͺ
4server
2026-07-14 10:08:36
(2 days ago)
[TueJul1412:08:33.3432082026][security2:error][pid1214781:tid1214805][client38.54.40.221:0]ModSecuri ...
show more
[TueJul1412:08:33.3432082026][security2:error][pid1214781:tid1214805][client38.54.40.221:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsx/\"atTX:extension.[file\"/etc/apache2/conf.d/modsec_rules/00_asl_zz_strict.conf\"][line\"91\"][id\"390716\"][rev\"2\"][msg\"Atomicorp.comWAFRules:URLfileextensionisrestrictedbypolicy\"][data\".backup\"][severity\"ERROR\"][hostname\"mail.wildpferde.ch\"][uri\"/.env.backup\"][unique_id\"alYKoZiPDfezePpyfhS32gAAANU\"]
show less
Port Scan
Brute-Force
Web App Attack
π³π±
Site.eu
2026-07-14 10:01:48
(2 days ago)
Excessive multi-domain requests
Brute-Force
π¬π§
OptimusGO
2026-07-14 07:04:13
(3 days ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-07-14 08:04:13 UTC
Log evidence:
07/14/2026-08:04:12.151337 [**] [1:1000101:2] SECURITY Port Scan Detected - Multiple Unauthorized Ports [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 38.54.40.221:56680 -> 185.127.18.66:8088
07/14/2026-08:04:13.162873 [**] [1:1000101:2] SECURITY Port Scan Detected - Multiple Unauthorized Ports [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 38.54.40.221:56680 -> 185.127.18.66:8088
show less
Port Scan
Brute-Force
π§πͺ
sid3windr
2026-07-14 05:44:43
(3 days ago)
GET /config/.env (Tarpitted for , wasted 120B)
Web App Attack
π«π·
dynamix
2026-07-14 05:18:37
(3 days ago)
Multiple WAF Violations
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-14 04:53:23
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 38.54.40.221 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 38.54.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 00:53:19.241293 2026] [security2:error] [pid 10859:tid 10859] [client 38.54.40.221:54064] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garyandthegroove.com"] [uri "/.env"] [unique_id "alXAv_8jsUBGSn36losOlwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Nightreaver
2026-07-14 03:42:53
(3 days ago)
38.54.40.221 - - [14/Jul/2026:05:42:52 0200] "GET /config.json HTTP/1.1" 404 438 "-" "LLMLeak-RedTe ...
show more
38.54.40.221 - - [14/Jul/2026:05:42:52 0200] "GET /config.json HTTP/1.1" 404 438 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
38.54.40.221 - - [14/Jul/2026:05:42:52 0200] "GET /.env HTTP/1.1" 404 438 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
38.54.40.221 - - [14/Jul/2026:05:42:52 0200] "GET /.hermes/client_secret.json HTTP/1.1" 404 438 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
38.54.40.221 - - [14/Jul/2026:05:42:52 0200] "GET /.hermes/supermemory.json HTTP/1.1" 404 438 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
38.54.40.221 - - [14/Jul/2026:05:42:52 0200] "GET /.config/claude/settings.local.json HTTP/1.1" 404 438 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"[...]
show less
Bad Web Bot
Web App Attack
π§πͺ
boxed-it
2026-07-14 03:26:50
(3 days ago)
GET /.env (Tarpitted for 24m54s, wasted 87.66kB)
Web App Attack
π²π³
Public CSIRT/CC of Mongolia
2026-07-14 03:00:56
(3 days ago)
Honeypot hit: Incoming HTTP traffic on port 81
Web App Attack
Bad Web Bot
π²πΎ
Rizzy
2026-07-14 02:32:30
(3 days ago)
Multiple WAF Violations
Brute-Force
Web App Attack
π¬π§
blik2108
2026-07-14 00:31:50
(3 days ago)
sandalwood.blacknell.co.uk:80 38.54.40.221 - - [14/Jul/2026:01:31:44 +0100] "GET /config/config.yaml ...
show more
sandalwood.blacknell.co.uk:80 38.54.40.221 - - [14/Jul/2026:01:31:44 +0100] "GET /config/config.yaml HTTP/1.1" 404 474 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
sandalwood.blacknell.co.uk:80 38.54.40.221 - - [14/Jul/2026:01:31:46 +0100] "GET /config/secrets.yaml HTTP/1.1" 404 474 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
sandalwood.blacknell.co.uk:80 38.54.40.221 - - [14/Jul/2026:01:31:47 +0100] "GET /config/.env HTTP/1.1" 404 474 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
sandalwood.blacknell.co.uk:80 38.54.40.221 - - [14/Jul/2026:01:31:49 +0100] "GET /config/config.json HTTP/1.1" 404 474 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
sandalwood.blacknell.co.uk:80 38.54.40.221 - - [14/Jul/2026:01:31:49 +0100] "GET /config/secrets.json HTTP/1.1" 404 474 "-" "LLMLeak-RedTeam/1.0 (authorized-scan)"
...
show less
Brute-Force