Anonymous
2026-07-17 02:07:11
(1 hour ago)
Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=155
Hacking
πΊπΈ
TPI-Abuse
2026-07-17 01:44:33
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:44:29.405588 2026] [security2:error] [pid 22158:tid 22158] [client 63.182.8.219:32912] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cs4kids.org.jacksonpropertyrentals.com"] [uri "/.env.save"] [unique_id "almI_THoTkYdPmLRzeX_bQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
consul.to
2026-07-17 00:51:22
(2 hours ago)
Web attack/malicious scanning detected
Web App Attack
π©πͺ
FeG Deutschland
2026-07-16 23:54:04
(3 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
π³π±
thedreamer.nl
2026-07-16 23:36:36
(3 hours ago)
63.182.8.219 - - [17/Jul/2026:01:36:08 +0200] "GET /.env.dev HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Wi ...
show more
63.182.8.219 - - [17/Jul/2026:01:36:08 +0200] "GET /.env.dev HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)" "DE" "Frankfurt am Main" "50.11690" "8.68370"
63.182.8.219 - - [17/Jul/2026:01:36:08 +0200] "GET /.env.prod HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)" "DE" "Frankfurt am Main" "50.11690" "8.68370"
63.182.8.219 - - [17/Jul/2026:01:36:08 +0200] "GET /.env.test HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)" "DE" "Frankfurt am Main" "50.11690" "8.68370"
63.182.8.219 - - [17/Jul/2026:01:36:08 +0200] "GET /.env.staging HTTP/1.1" 200 2213 "-
...
show less
Hacking
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-07-16 23:00:47
(4 hours ago)
Excessive multi-domain requests
Brute-Force
π¬π§
venus.launch.bz
2026-07-16 22:17:02
(5 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 63.182.8.219 (DE/Germany/ec2-63-182-8-2 ...
show more
(mod_security) mod_security triggered on hostname [redacted] 63.182.8.219 (DE/Germany/ec2-63-182-8-219.eu-central-1.compute.amazonaws.com)
show less
SQL Injection
π³π±
homeshowdomain.nl
2026-07-16 22:06:23
(5 hours ago)
Auto-ban: >3000 req/min op 2026-07-16
Web App Attack
SSH
Hacking
π©πͺ
todix
2026-07-16 21:40:06
(5 hours ago)
Web App Attack Exploid from 63.182.8.219
Web App Attack
Anonymous
2026-07-16 21:34:35
(5 hours ago)
(caddyscan) Scanner path probe from 63.182.8.219 (DE/Germany/ec2-63-182-8-219.eu-central-1.compute.a ...
show more
(caddyscan) Scanner path probe from 63.182.8.219 (DE/Germany/ec2-63-182-8-219.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 63.182.8.219 - - [16/Jul/2026:21:34:32 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 63.182.8.219 - - [16/Jul/2026:21:34:33 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 63.182.8.219 - - [16/Jul/2026:21:34:33 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 63.182.8.219 - - [16/Jul/2026:21:34:33 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 63.182.8.219 - - [16/Jul/2026:21:34:33 +0000] "GET /.env.dev HTTP/1.1"
show less
Port Scan
π©πͺ
big-cloud.nl
2026-07-16 21:23:14
(6 hours ago)
Try to access /app/.env
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 20:55:37
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:55:17.808148 2026] [security2:error] [pid 7614:tid 7705] [client 63.182.8.219:37226] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.agrigrailtech.com"] [uri "/.env.old"] [unique_id "allFNZr2fMUhZAbfoiipCAAAAcE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
outputblog.de
2026-07-16 20:53:20
(6 hours ago)
apache-wp-probephp
Port Scan
Hacking
Brute-Force
πΊπΈ
TPI-Abuse
2026-07-16 19:54:43
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:54:34.437595 2026] [security2:error] [pid 4543:tid 4543] [client 63.182.8.219:33299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thongtracker.com"] [uri "/.env.bak"] [unique_id "alk2-llNzsM1Hgzrtk5r-QAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 19:18:04
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 63.182.8.219 (ec2-63-182-8-219.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:17:57.996057 2026] [security2:error] [pid 4613:tid 4613] [client 63.182.8.219:35664] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alavida.cr.galvez.cc"] [uri "/.env.prod"] [unique_id "alkuZUnKrhhocPd7JPFR5gAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack