๐บ๐ธ
TPI-Abuse
2026-07-17 02:53:20
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:53:14.551746 2026] [security2:error] [pid 24263:tid 24350] [client 52.52.163.242:34710] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "honorac.com"] [uri "/.env"] [unique_id "almZGoNgJ_HKdsJeX33XWQAAAc8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฟ๐ฆ
conure
2026-07-17 02:52:41
(2 hours ago)
csagent: score 20.0: secrets grab x2; 1 domain(s) in 0s
Web App Attack
Anonymous
2026-07-17 02:47:08
(2 hours ago)
(caddyscan) Scanner path probe from 52.52.163.242 (US/United States/ec2-52-52-163-242.us-west-1.comp ...
show more
(caddyscan) Scanner path probe from 52.52.163.242 (US/United States/ec2-52-52-163-242.us-west-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.52.163.242 - - [17/Jul/2026:02:47:02 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 52.52.163.242 - - [17/Jul/2026:02:47:04 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 52.52.163.242 - - [17/Jul/2026:02:47:05 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 52.52.163.242 - - [17/Jul/2026:02:47:06 +0000] "GET /.env.dev HTTP/1.1"
[REDACTED] 200 2627 52.52.163.242 - - [17/Jul/2026:02:47:07 +0000] "GET /.env.prod HTTP/1.1"
show less
Port Scan
๐ฉ๐ช
LRob
2026-07-17 02:36:56
(2 hours ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: /.aws/credentials | 5 distinct paths | UA: Mozil ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: /.aws/credentials | 5 distinct paths | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love;
show less
Hacking
๐ต๐ฑ
lns.bz
2026-07-17 02:29:30
(2 hours ago)
Web app attack [PL.Lu]
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:27:34
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:27:29.912759 2026] [security2:error] [pid 29225:tid 29225] [client 52.52.163.242:37236] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eliteregenmed.com"] [uri "/.env"] [unique_id "almTEXDWqq1mDRl7Dpp-EgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-17 02:26:17
(2 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
Anonymous
2026-07-17 02:19:30
(2 hours ago)
Fail2Ban: ModSecurity detected a web application attack.
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-17 00:25:30
(4 hours ago)
Web attack/malicious scanning detected
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-17 00:18:19
(4 hours ago)
20 attempts against mh-misbehave-ban on pyrus
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 23:42:32
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 19:42:24.526757 2026] [security2:error] [pid 15360:tid 15360] [client 52.52.163.242:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.ndanetworks.com"] [uri "/.env.vault"] [unique_id "allsYCHhEt-WWFqMdcu3XwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 23:22:45
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 19:22:38.737106 2026] [security2:error] [pid 9642:tid 9642] [client 52.52.163.242:55376] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clockandnightlight.com"] [uri "/app/.env"] [unique_id "allnvp4oSptG4bf-Rq9aRAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 22:44:44
(6 hours ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:04:24
(7 hours ago)
Auto-ban: >3000 req/min op 2026-07-16
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 20:52:24
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 52.52.163.242 (ec2-52-52-163-242.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:52:19.758950 2026] [security2:error] [pid 5048:tid 5048] [client 52.52.163.242:50610] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.resume.martinka.org"] [uri "/config/.env"] [unique_id "allEg6XURaeoNBxvuwwsCwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack