๐ฉ๐ช
Bedios GmbH
2026-06-30 09:03:05
(10 hours ago)
Login credentials theft attempt
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-30 08:40:23
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 04:40:17.339039 2026] [security2:error] [pid 9191:tid 9191] [client 60.167.165.41:33966] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aquatech-ind.com"] [uri "/.env.local"] [unique_id "akOA8c_TrH5dEMIUsgOVYAAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐พ
lns.bz
2026-06-30 08:29:08
(10 hours ago)
.env scanning [BY]
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-06-30 07:53:22
(11 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐จ๐ฆ
Not Fake
2026-06-30 07:23:57
(11 hours ago)
$f2bV_matches
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 06:54:17
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:54:10.054483 2026] [security2:error] [pid 1017:tid 1045] [client 60.167.165.41:32868] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thesardinemenmovie.plumeraproductions.com"] [uri "/.env"] [unique_id "akNoEjg5lG7N5h734vc0DQAAAJY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 06:37:54
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:37:50.109329 2026] [security2:error] [pid 16507:tid 16581] [client 60.167.165.41:52946] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sellmantitle.com"] [uri "/.env.old"] [unique_id "akNkPhJUFx1Z6vrXIlFwygAAAFU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-06-30 06:25:57
(12 hours ago)
Web attack/malicious scanning detected
Web App Attack
Anonymous
2026-06-30 06:15:42
(13 hours ago)
(caddyscan) Scanner path probe from 60.167.165.41 (CN/China/-): 5 in the last 3600 secs; Ports: *; D ...
show more
(caddyscan) Scanner path probe from 60.167.165.41 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 60.167.165.41 - - [30/Jun/2026:06:15:39 +0000] "GET /.env.swp HTTP/1.1"
[REDACTED] 200 2627 60.167.165.41 - - [30/Jun/2026:06:15:39 +0000] "GET /.env~ HTTP/1.1"
[REDACTED] 200 2627 60.167.165.41 - - [30/Jun/2026:06:15:40 +0000] "GET /.env.example HTTP/1.1"
[REDACTED] 200 2627 60.167.165.41 - - [30/Jun/2026:06:15:41 +0000] "GET /.env.sample HTTP/1.1"
[REDACTED] 200 2627 60.167.165.41 - - [30/Jun/2026:06:15:41 +0000] "GET /.env.dist HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-30 06:03:45
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:03:39.180522 2026] [security2:error] [pid 12212:tid 12212] [client 60.167.165.41:42247] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mainescentsecrets.com"] [uri "/.env.dev"] [unique_id "akNcOwMTL8i596Y9MG2oYQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 04:51:55
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 00:51:49.675196 2026] [security2:error] [pid 31256:tid 31256] [client 60.167.165.41:59103] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ustock.app.suffolksystems.com"] [uri "/.env.vault"] [unique_id "akNLZW0lLRn2iP1CcDe59gAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 14:28:03
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 60.167.165.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:27:55.527096 2026] [security2:error] [pid 21226:tid 21226] [client 60.167.165.41:56071] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.hdeco.com"] [uri "/.env"] [unique_id "akEva593tqwBszXsF1LsaAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฑ๐ป
garmtech.com
2026-06-27 10:57:56
(3 days ago)
IM360 WAF: Direct access to sensitive file or dotfile MV:/.env
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-26 22:03:03
(3 days ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-25.
show less
Web App Attack
SSH
Hacking
๐ณ๐ฑ
homeshowdomain.nl
2026-06-25 22:01:56
(4 days ago)
Auto-ban: >3000 req/min op 2026-06-25
Web App Attack
SSH
Hacking