env leak on 252.today/backend/.env โ WellSpr.ing/NetSentinel civic-AI security layer
Web App Attack
Anonymous
Bot / scanning and/or hacking attempts: GET /.env.example HTTP/1.1, GET /.env.sample HTTP/1.1, GET / ...
show moreBot / scanning and/or hacking attempts: GET /.env.example HTTP/1.1, GET /.env.sample HTTP/1.1, GET /.env.production HTTP/1.1, GET /.env.save HTTP/1.1
show less
Hacking
Web App Attack
Anonymous
(caddyscan) Scanner path probe from 59.36.134.230 (CN/China/-): 5 in the last 3600 secs; Ports: *; D ...
show more(caddyscan) Scanner path probe from 59.36.134.230 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 59.36.134.230 - - [01/Jul/2026:22:00:36 +0000] "GET /wp-config.php.bak HTTP/1.1"
[REDACTED] 200 2627 59.36.134.230 - - [01/Jul/2026:22:00:36 +0000] "GET /wp-config.php.old HTTP/1.1"
[REDACTED] 200 2627 59.36.134.230 - - [01/Jul/2026:22:00:37 +0000] "GET /wp-config.php.save HTTP/1.1"
[REDACTED] 200 2627 59.36.134.230 - - [01/Jul/2026:22:00:37 +0000] "GET /wp-config.php.txt HTTP/1.1"
[REDACTED] 200 2627 59.36.134.230 - - [01/Jul/2026:22:00:37 +0000] "GET /wp-config.php~ HTTP/1.1"
show less
[WedJul0113:17:51.5663532026][security2:error][pid3869848:tid3869871][client59.36.134.230:0]ModSecur ...
show more[WedJul0113:17:51.5663532026][security2:error][pid3869848:tid3869871][client59.36.134.230:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.retepastoralebelli.ch.81-17-25-250.cpanel.site\"][uri\"/.env.dev\"][unique_id\"akT3X1Ru3hrHvqokchZV0gAAANU\"]
show less