๐ฎ๐ณ
evicky2002
2026-07-18 06:00:00
(1 day ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 22:04:03
(2 days ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-16.
show less
Web App Attack
SSH
Hacking
๐ณ๐ฑ
Savvii
2026-07-17 17:55:57
(2 days ago)
20 attempts against mh-misbehave-ban on pyrus
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-17 16:50:20
(2 days ago)
CrowdSec: crowdsecurity/http-probing | req: /terraform.tfvars | 11 distinct paths | UA: Mozilla/5.0 ...
show more
CrowdSec: crowdsecurity/http-probing | req: /terraform.tfvars | 11 distinct paths | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love;
show less
Port Scan
Web App Attack
Anonymous
2026-07-17 12:59:05
(2 days ago)
Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, GET /.env.staging HTTP/1.1, GET / ...
show more
Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, GET /.env.staging HTTP/1.1, GET /.env.prod HTTP/1.1
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:43:59
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:43:56.463119 2026] [security2:error] [pid 11086:tid 11086] [client 52.38.168.119:27300] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "renperfco.com"] [uri "/.env.prod"] [unique_id "alojjBToYZkQ6kktZf0E6wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:46:42
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:46:39.924292 2026] [security2:error] [pid 21577:tid 21577] [client 52.38.168.119:25360] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.edwinrphotography.grayhost.net"] [uri "/.env"] [unique_id "aloWH7bNu5ZNDCivuhQSGgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-17 11:04:40
(2 days ago)
52.38.168.119 - - [17/Jul/2026:14:04:39 +0300] "GET /frontend/.env HTTP/1.1" 404 4679 "-" "Mozilla/5 ...
show more
52.38.168.119 - - [17/Jul/2026:14:04:39 +0300] "GET /frontend/.env HTTP/1.1" 404 4679 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:21:04
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:21:00.485671 2026] [security2:error] [pid 14192:tid 14192] [client 52.38.168.119:40018] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sandersgroundtest.ryanc.net"] [uri "/.env"] [unique_id "aloCDBh03_C8uMQ7_OOFtgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 09:09:19
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:09:13.323975 2026] [security2:error] [pid 7906:tid 7906] [client 52.38.168.119:24108] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "holtzheimer.net"] [uri "/.env"] [unique_id "alnxOWMi3Rh9Om8KlZuolgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-17 08:35:41
(2 days ago)
52.38.168.119 - - [17/Jul/2026:11:35:25 +0300] "GET /.env HTTP/1.1" 404 724 "-" "Mozilla/5.0 (Window ...
show more
52.38.168.119 - - [17/Jul/2026:11:35:25 +0300] "GET /.env HTTP/1.1" 404 724 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
52.38.168.119 - - [17/Jul/2026:11:35:40 +0300] "GET /app/.env HTTP/1.1" 404 724 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:07:10
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:07:03.071507 2026] [security2:error] [pid 588341:tid 588341] [client 52.38.168.119:4600] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.fellowshipfest.hisfavorite.net"] [uri "/.env"] [unique_id "alnip0lxXyxj0wjRFf5hwwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:48:56
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.38.168.119 (ec2-52-38-168-119.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:48:48.364496 2026] [security2:error] [pid 411101:tid 411101] [client 52.38.168.119:13256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mangamaster.hongkonger.org"] [uri "/.env.production.local"] [unique_id "alneYFeFvHaTAcrR7dSj9gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
djboddington
2026-07-17 07:07:34
(2 days ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐ณ๐ฑ
e.fierstra
2026-07-17 06:26:58
(2 days ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack