๐บ๐ธ
TPI-Abuse
2026-07-17 13:39:43
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:39:39.277113 2026] [security2:error] [pid 22737:tid 22737] [client 59.36.140.247:56711] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thewarmachineguns.com"] [uri "/.env.development"] [unique_id "alowm6_EcEdYANbMQldZngAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:23:04
(10 hours ago)
(mod_security) mod_security (id:210730) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:22:59.938924 2026] [security2:error] [pid 839363:tid 839363] [client 59.36.140.247:43068] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pknucklejones.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pknucklejones.com"] [uri "/config/master.key"] [unique_id "alossxygCTALUnq5x6bXGQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:47:12
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:47:06.214707 2026] [security2:error] [pid 31659:tid 31659] [client 59.36.140.247:53452] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.service.alccontractorsllc.com"] [uri "/.env"] [unique_id "alokSijmhsrUg8T2nBU4GgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 09:56:51
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:56:43.410676 2026] [security2:error] [pid 10694:tid 10694] [client 59.36.140.247:35637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.construction.bonefrog.com"] [uri "/.env.staging"] [unique_id "aln8W_pBciDE7hjX0tsyigAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
breubit
2026-07-17 09:01:26
(15 hours ago)
59.36.140.247 - - [17/Jul/2026:11:01:25 +0200] "GET /.env.test HTTP/1.1" 403 4468 "-" "Mozilla/5.0 ( ...
show more
59.36.140.247 - - [17/Jul/2026:11:01:25 +0200] "GET /.env.test HTTP/1.1" 403 4468 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 06:31:57
(17 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:31:47.889963 2026] [security2:error] [pid 16493:tid 16493] [client 59.36.140.247:55733] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.asiancommoditiescorporation.com"] [uri "/.env.backup"] [unique_id "alnMUzrcC3gxJidP54EfbQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-17 05:36:07
(18 hours ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack
๐ฆ๐บ
2000cn.com.au
2026-07-17 04:50:24
(19 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 03:16:18
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:16:10.301643 2026] [security2:error] [pid 187909:tid 187930] [client 59.36.140.247:47419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.anp-designs.sea2er.com"] [uri "/.env.prod"] [unique_id "almeegD_OulB9eMmxEKxggAAAJI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฟ๐ฆ
conure
2026-07-17 02:54:03
(21 hours ago)
csagent: score 19.8: secrets grab x2; 2 domain(s) in 4s
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:47:20
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 59.36.140.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:47:16.489698 2026] [security2:error] [pid 164832:tid 164832] [client 59.36.140.247:35765] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mahoninginn.com"] [uri "/backups/.env"] [unique_id "almXtB2C6PGgvrJoeBrlFQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
wsyq
2026-07-17 01:15:35
(23 hours ago)
Fail2Ban - \[NGINX\]40x-Forcing to access a restricted resource
...
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 00:18:52
(1 day ago)
(caddyscan) Scanner path probe from 59.36.140.247 (CN/China/-): 5 in the last 3600 secs; Ports: *; D ...
show more
(caddyscan) Scanner path probe from 59.36.140.247 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 59.36.140.247 - - [17/Jul/2026:00:18:49 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 59.36.140.247 - - [17/Jul/2026:00:18:50 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 59.36.140.247 - - [17/Jul/2026:00:18:50 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 59.36.140.247 - - [17/Jul/2026:00:18:51 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 59.36.140.247 - - [17/Jul/2026:00:18:51 +0000] "GET /.env.dev HTTP/1.1"
show less
Port Scan
Anonymous
2026-07-16 23:25:54
(1 day ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐ณ๐ฑ
Mangelot Hosting
2026-07-16 23:10:28
(1 day ago)
(modsecurity) srv102 ModSecurity 59.36.140.247 (CN/China/-): 10 in the last 3600 secs; Ports: *; Dir ...
show more
(modsecurity) srv102 ModSecurity 59.36.140.247 (CN/China/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack