๐ฉ๐ช
LRob
2026-07-17 16:06:37
(1 hour ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: /home/node/.aws/credentials | 5 distinct paths | ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: /home/node/.aws/credentials | 5 distinct paths | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love;
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 15:27:58
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 11:27:52.800836 2026] [security2:error] [pid 25283:tid 25283] [client 59.36.137.129:39776] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nacuajo.com"] [uri "/.env"] [unique_id "alpJ-Pilcc1RIVIJYGRZdAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 14:57:43
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 10:57:35.220343 2026] [security2:error] [pid 406480:tid 406480] [client 59.36.137.129:53324] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cp.graner.us"] [uri "/.env.local"] [unique_id "alpC3_E_MAbV3-2Swf0h8AAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:59:51
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:59:46.702401 2026] [security2:error] [pid 26769:tid 26769] [client 59.36.137.129:32788] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "geno-med.com"] [uri "/.env"] [unique_id "alo1UuyPiPTw_G-EZfhyXwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 11:53:44
(6 hours ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-17 11:48:26
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:48:18.778751 2026] [security2:error] [pid 1148302:tid 1148302] [client 59.36.137.129:54322] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arcadiapropertiesllc.starrmail.net"] [uri "/.env"] [unique_id "aloWgphMtcWreJDZFa3hGwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:15:16
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:15:08.872337 2026] [security2:error] [pid 741354:tid 741354] [client 59.36.137.129:45919] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "melton.space"] [uri "/.env"] [unique_id "aloOvEJIa7gpo8cH4heQ8AAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:49:48
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:49:43.912067 2026] [security2:error] [pid 687687:tid 687687] [client 59.36.137.129:60032] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ik3co.com"] [uri "/.env.local"] [unique_id "aloIx_fUfzCHekjZ9FsmKwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:13:22
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:13:14.118712 2026] [security2:error] [pid 23044:tid 23044] [client 59.36.137.129:60508] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gslandservices.soviaenterprises.com"] [uri "/.env.swp"] [unique_id "aloAOiJEM1yTGGfCzVTEjAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
breubit
2026-07-17 09:00:52
(8 hours ago)
59.36.137.129 - - [17/Jul/2026:11:00:52 +0200] "GET /.env HTTP/1.1" 403 499 "-" "Mozilla/5.0 (Window ...
show more
59.36.137.129 - - [17/Jul/2026:11:00:52 +0200] "GET /.env HTTP/1.1" 403 499 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:51:10
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:51:04.288706 2026] [security2:error] [pid 4062:tid 4062] [client 59.36.137.129:39122] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.javierreinoso.com.verdadesreales.com"] [uri "/.env.prod"] [unique_id "alns-PwsUypriSyt1nZsWQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:19:56
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:19:50.239704 2026] [security2:error] [pid 368035:tid 368035] [client 59.36.137.129:41619] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gardner.farm.brazilianbottom.com"] [uri "/.env.local"] [unique_id "alnlppwDIQbSCRzDOUyxKgAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
gadix
2026-07-17 08:04:59
(9 hours ago)
[17/Jul/2026:10:04:50.063200 +0200] alniIYR-mj4sj7p2cldF_AAAAAE 59.36.137.129 59354 127.0.0.1 7081
[ ...
show more
[17/Jul/2026:10:04:50.063200 +0200] alniIYR-mj4sj7p2cldF_AAAAAE 59.36.137.129 59354 127.0.0.1 7081
[17/Jul/2026:10:04:55.965066 +0200] alniJ1oyJL5lYrk_Gz3RqwAAAAs 59.36.137.129 59360 127.0.0.1 7081
[17/Jul/2026:10:04:59.320024 +0200] alniKlJYsIoaD-37gwvoDAAAAAM 59.36.137.129 59386 127.0.0.1 7081
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:34:22
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.137.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:34:14.795921 2026] [security2:error] [pid 2687:tid 2687] [client 59.36.137.129:60653] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "godcanuseyou.com"] [uri "/.env.swp"] [unique_id "alna9miAcAp0NPVm4-L_mQAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Hagen Schoebel
2026-07-17 05:28:40
(12 hours ago)
Blocked by CrowdSec - anomaly score block: lfi: 5, anomaly: 5, (CN)
Port Scan
Brute-Force
Web App Attack
SSH