๐ญ๐บ
kranem
2026-07-11 12:00:12
(20 minutes ago)
Triggered Cloudflare WAF from US.
Action taken: BLOCK
ASN: 14618 (Amazon.com, Inc.)
Protocol: HTTP/1 ...
show more
Triggered Cloudflare WAF from US.
Action taken: BLOCK
ASN: 14618 (Amazon.com, Inc.)
Protocol: HTTP/1.1 (GET method)
Endpoint: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Timestamp: 2026-07-11T09:58:58Z
User-Agent: python-requests/2.25.1
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-11 11:06:12
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 07:06:06.086998 2026] [security2:error] [pid 25493:tid 25493] [client 54.159.111.176:61590] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tomdaughertyorchestra.com"] [uri "/.env"] [unique_id "alIjnjUm1pi8qBMvOWdUzwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-11 11:04:27
(1 hour ago)
Try to access /.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 10:43:08
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 06:43:01.968854 2026] [security2:error] [pid 5973:tid 5973] [client 54.159.111.176:58277] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mirai-labo.com"] [uri "/.env"] [unique_id "alIeNcacGH4_SOY5ttDAiAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 09:56:51
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 05:56:45.206479 2026] [security2:error] [pid 28749:tid 28749] [client 54.159.111.176:53237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ahuramazda.com"] [uri "/.env"] [unique_id "alITXXKIJsZP8T9a-OM0dAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-11 09:31:01
(2 hours ago)
Environment file probe
Web App Attack
๐ฉ๐ช
AetherFox
2026-07-11 09:15:41
(3 hours ago)
AetherFox VoidGuard detected: [Sat Jul 11 09:15:37.424851 2026] [authz_core:error] [pid 427646:tid 4 ...
show more
AetherFox VoidGuard detected: [Sat Jul 11 09:15:37.424851 2026] [authz_core:error] [pid 427646:tid 427652] [client 54.159.111.176:56234] AH01630: client denied by server configuration: proxy:http://[MASKED]/.env
[Sat Jul 11 09:15:37.425202 2026] [authz_core:error] [pid 427646:tid 427652] [client 54.159.111.176:56234] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html
[Sat Jul 11 09:15:39.016682 2026] [authz_core:error] [pid 427646:tid 427650] [client 54.159.111.176:56282] AH01630: client denied by server configuration: proxy:http://[MASKED]/
[Sat Jul 11 09:15:39.017053 2026] [authz_core:error] [pid 427646:tid 427650] [client 54.159.111.176:56282] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html
[Sat Jul 11 09:15:40.435882 2026] [authz_core:error] [pid 427646:tid 427695] [client 54.159.111.176:56326] AH01630: client denied by server configuration: proxy:https://[MASKED]/.env
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-07-11 08:47:27
(3 hours ago)
Web PHP injection: /eval-stdin.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 07:59:06
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 03:59:01.290438 2026] [security2:error] [pid 16294:tid 16294] [client 54.159.111.176:59258] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "visiontours.com"] [uri "/.env"] [unique_id "alH3xUkzZCTrWMC6a9-9QQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 07:32:46
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 03:32:39.349978 2026] [security2:error] [pid 15951:tid 15951] [client 54.159.111.176:55377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "beechleafdesign.com"] [uri "/.env"] [unique_id "alHxl7vcIodGfbR23hZsiwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 06:50:58
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 02:50:50.632427 2026] [security2:error] [pid 29629:tid 29629] [client 54.159.111.176:49345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davidnevue.com"] [uri "/.env"] [unique_id "alHnyjnyETP1OaWHiydRowAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 04:58:00
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 00:57:54.019382 2026] [security2:error] [pid 18517:tid 18517] [client 54.159.111.176:56413] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "smogsandiego.com"] [uri "/.env"] [unique_id "alHNUsK7NeuFf5CkIE30agAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Axel
2026-07-11 04:05:37
(8 hours ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env Server: ...
show more
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env Server: UK-01
show less
Web App Attack
Hacking
SQL Injection
๐ง๐ท
Halux
2026-07-11 03:01:16
(9 hours ago)
54.159.111.176 Probing protected path or service
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 01:35:09
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.159.111.176 (ec2-54-159-111-176.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 21:35:04.664775 2026] [security2:error] [pid 25410:tid 25433] [client 54.159.111.176:51305] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adetnw.com"] [uri "/.env"] [unique_id "alGdyMOU9MqoCh7-jfyKBQAAAFU"]
show less
Brute-Force
Bad Web Bot
Web App Attack