π©πͺ
PhishDestroy
2026-06-26 15:06:39
(2 weeks ago)
Automated scanning of phishdestroy.io for sensitive files (.env, config, credentials). Blocked by Cl ...
show more
Automated scanning of phishdestroy.io for sensitive files (.env, config, credentials). Blocked by Cloudflare WAF rule a85b24fd4b2b4574b9ac23a37dbd7d01. 70 blocked requests. Paths: /v2/.env; /.env-dev; /svelte/.env; /administrator/.env; /.envec2. UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.3
show less
Web App Attack
Anonymous
2026-06-24 04:18:09
(2 weeks ago)
Fuzzing/Looking for credentials files.
Brute-Force
Web App Attack
π©πͺ
Blexyel
2026-06-24 01:58:59
(2 weeks ago)
54.179.180.141 - - [24/Jun/2026:03:58:59 +0200] "GET /.git/config HTTP/1.1" 404 120 "-" "Mozilla/5.0 ...
show more
54.179.180.141 - - [24/Jun/2026:03:58:59 +0200] "GET /.git/config HTTP/1.1" 404 120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
...
show less
Brute-Force
Web App Attack
π«π·
phoenix1jl96
2026-06-24 01:20:58
(2 weeks ago)
2026/06/24 03:20:27 [error] 2707675#2707675: *59611 open() "/home/user-data/www/default/mailer/.env" ...
show more
2026/06/24 03:20:27 [error] 2707675#2707675: *59611 open() "/home/user-data/www/default/mailer/.env" failed (2: No such file or directory), client: 54.179.180.141, server: mta-sts.lhbiogaz.com, request: "GET /mailer/.env HTTP/1.1", host: "mta-sts.lhbiogaz.com"
2026/06/24 03:20:27 [error] 2707675#2707675: *59611 open() "/usr/local/lib/roundcubemail/.env" failed (2: No such file or directory), client: 54.179.180.141, server: mta-sts.lhbiogaz.com, request: "GET /mail/.env HTTP/1.1", host: "mta-sts.lhbiogaz.com"
...
show less
DNS Compromise
DNS Poisoning
DDoS Attack
Ping of Death
Web Spam
Email Spam
Blog Spam
Port Scan
Hacking
Brute-Force
Bad Web Bot
SSH
Web App Attack
π³π±
Site.eu
2026-06-24 01:18:39
(2 weeks ago)
Excessive 404/403 errors
Brute-Force
π©πͺ
wsyq
2026-06-24 01:14:20
(2 weeks ago)
Fail2Ban - \[NGINX\]40x-Forcing to access a restricted resource
...
Bad Web Bot
Web App Attack
Anonymous
2026-06-24 00:28:40
(2 weeks ago)
54.179.180.141 - - [24/Jun/2026:00:28:39 +0000] "GET /mailer/.env HTTP/1.1" 404 209 "-" "Mozilla/5.0 ...
show more
54.179.180.141 - - [24/Jun/2026:00:28:39 +0000] "GET /mailer/.env HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
54.179.180.141 - - [24/Jun/2026:00:28:39 +0000] "GET /mail/.env HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
54.179.180.141 - - [24/Jun/2026:00:28:39 +0000] "GET /mailing/.env HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2025-05-18 09:28:17
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 54.179.180.141 (ec2-54-179-180-141.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 54.179.180.141 (ec2-54-179-180-141.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 05:28:10.128139 2025] [security2:error] [pid 1748871:tid 1748871] [client 54.179.180.141:63758] [client 54.179.180.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "socialstudiesforkids.com"] [uri "/.env"] [unique_id "aCmoKqHAfLhaFuZMgEajAQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack