๐บ๐ธ
TPI-Abuse
2026-07-17 03:29:10
(22 minutes ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:29:02.555275 2026] [security2:error] [pid 16721:tid 16721] [client 43.161.252.23:58226] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mywhy.endriss.info"] [uri "/.env.production"] [unique_id "almhfvnZhOVaKlvCO4z_CAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 02:57:02
(54 minutes ago)
Bot / scanning and/or hacking attempts: GET /.env.old HTTP/1.1, GET /.env.backup HTTP/1.1, GET /.env ...
show more
Bot / scanning and/or hacking attempts: GET /.env.old HTTP/1.1, GET /.env.backup HTTP/1.1, GET /.env.tmp HTTP/1.1, GET /.env.bak HTTP/1.1, GET /.env.save HTTP/1.1
show less
Hacking
Web App Attack
๐ฎ๐น
mediarama.com
2026-07-17 02:22:31
(1 hour ago)
Banned by Fail2Ban
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:51:03
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:50:53.376300 2026] [security2:error] [pid 26527:tid 26527] [client 43.161.252.23:35778] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amybeam.com"] [uri "/.env.test"] [unique_id "almKfbaMFdleIIP-BtjaRQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-07-17 01:25:04
(2 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ต๐ฑ
srebrakowski.com
2026-07-17 01:15:00
(2 hours ago)
crowdsec/waf-detected-exploits
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-17 00:40:34
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:40:25.564265 2026] [security2:error] [pid 37705:tid 37705] [client 43.161.252.23:45860] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "waypoint-solutions.us"] [uri "/.env.production"] [unique_id "all5-Q63HPQ9Qq_6xorUHQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-16 22:31:18
(5 hours ago)
Try to access /config/.env
Web App Attack
๐จ๐ญ
4server
2026-07-16 21:55:19
(5 hours ago)
[ThuJul1623:55:11.9251752026][security2:error][pid1488706:tid1488726][client43.161.252.23:0]ModSecur ...
show more
[ThuJul1623:55:11.9251752026][security2:error][pid1488706:tid1488726][client43.161.252.23:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.aidweb.ch.81-17-25-250.cpanel.site\"][uri\"/var/.env\"][unique_id\"allTPxSpmEk9tuqHDgYLKAAAAVA\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 21:22:24
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:22:18.988367 2026] [security2:error] [pid 1757:tid 1757] [client 43.161.252.23:54532] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rpmevolution.com.jemsfood.com"] [uri "/.envrc"] [unique_id "allLimBird-pAMxjEp6QNwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 21:07:48
(6 hours ago)
(caddyscan) Scanner path probe from 43.161.252.23 (HK/Hong Kong/-): 5 in the last 3600 secs; Ports: ...
show more
(caddyscan) Scanner path probe from 43.161.252.23 (HK/Hong Kong/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 43.161.252.23 - - [16/Jul/2026:21:07:40 +0000] "GET /actuator/env HTTP/1.1"
[REDACTED] 200 2627 43.161.252.23 - - [16/Jul/2026:21:07:41 +0000] "GET /actuator/configprops HTTP/1.1"
[REDACTED] 200 2627 43.161.252.23 - - [16/Jul/2026:21:07:42 +0000] "GET /backup/.env HTTP/1.1"
[REDACTED] 200 2627 43.161.252.23 - - [16/Jul/2026:21:07:43 +0000] "GET /backups/.env HTTP/1.1"
[REDACTED] 200 2627 43.161.252.23 - - [16/Jul/2026:21:07:43 +0000] "GET /old/.env HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-16 20:52:44
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:52:36.331186 2026] [security2:error] [pid 15318:tid 15318] [client 43.161.252.23:35470] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.resume.martinka.org"] [uri "/frontend/.env"] [unique_id "allElJDVZAE3a73AvfPzXgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:24:02
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:23:57.968078 2026] [security2:error] [pid 11979:tid 12043] [client 43.161.252.23:46084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "maestrosoler.com"] [uri "/.env.bak"] [unique_id "alk93aUgNcXyKZ82ltgylwAAAUc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-16 20:16:38
(7 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 19:54:44
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.252.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:54:36.620389 2026] [security2:error] [pid 3211:tid 3211] [client 43.161.252.23:57042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "microbikinitop.com"] [uri "/.env.dev"] [unique_id "alk2_B0cJky8cjIPSdnCdQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack