Anonymous
2026-07-13 10:36:37
(12 hours ago)
"GET /.env HTTP/1.1"
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 05:15:06
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 01:15:02.592653 2026] [security2:error] [pid 13798:tid 13798] [client 8.219.0.124:52202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.arcbridge.com"] [uri "/.env"] [unique_id "alR0VmflWOqEjSl1ToE7jwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 04:33:57
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 00:33:53.328740 2026] [security2:error] [pid 2763568:tid 2763568] [client 8.219.0.124:51220] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerlessons.net"] [uri "/.env"] [unique_id "alRqsXg9YrYh01upYZR8FAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฟ๐ฆ
conure
2026-07-13 04:31:20
(18 hours ago)
csagent: score 20.5: 404 noise floor x2, secrets grab x2; 1 domain(s) in 0s
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 04:04:40
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 00:04:36.330904 2026] [security2:error] [pid 14634:tid 14634] [client 8.219.0.124:41912] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "madisonjazzorchestra.com"] [uri "/.env"] [unique_id "alRj1KD-A0FsPkUR53nAqQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ด
Bots.go.to.hell
2026-07-13 03:49:20
(19 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/vpatch-env-access
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-13 03:49:07
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 23:49:00.280565 2026] [security2:error] [pid 20090:tid 20090] [client 8.219.0.124:60868] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeffersonlynn.com"] [uri "/.env"] [unique_id "alRgLOR4GxBf7J1aFWIyyAAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-13 03:45:25
(19 hours ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 03:32:29
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 23:32:22.310478 2026] [security2:error] [pid 25031:tid 25031] [client 8.219.0.124:39676] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haroparquet.com"] [uri "/.env"] [unique_id "alRcRrPHILeJcvrAAcsvgAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pltcldvlpr
2026-07-13 03:29:48
(19 hours ago)
CMS/framework probe: 8.219.0.124 - - [13/Jul/2026:05:29:47 +0200] "GET /.git/config HTTP/1.1" 444 0 ...
show more
CMS/framework probe: 8.219.0.124 - - [13/Jul/2026:05:29:47 +0200] "GET /.git/config HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" asn=45102 org="Alibaba (US) Technology Co., Ltd." country=SG
...
show less
Web App Attack
๐ณ๐ฑ
BlueWire Hosting
2026-07-13 03:24:52
(19 hours ago)
Probing websites for vulnerabilities
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 02:46:30
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 22:46:26.178802 2026] [security2:error] [pid 6392:tid 6392] [client 8.219.0.124:55348] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "browingism.com"] [uri "/.env"] [unique_id "alRRglMrgEPD0lfEfwf9XgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
โจ
2026-07-13 02:34:21
(20 hours ago)
Domain : redirect.netenergy.uk
Rule : env
2026-07-13 02:32:26 217.194.210.152 GET /.env - 443 - 8.21 ...
show more
Domain : redirect.netenergy.uk
Rule : env
2026-07-13 02:32:26 217.194.210.152 GET /.env - 443 - 8.219.0.124 HTTP/1.1 Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.15 - arktisprospec.co.uk 404 0 2 1556 247 209 - -
show less
Hacking
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-13 02:29:09
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 22:29:03.129455 2026] [security2:error] [pid 13353:tid 13353] [client 8.219.0.124:48372] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ardeeapps.com"] [uri "/.git/config"] [unique_id "alRNb96pB0rVDacfMYy6JAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 01:41:48
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 8.219.0.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 21:41:42.980094 2026] [security2:error] [pid 25182:tid 25182] [client 8.219.0.124:40262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scala-global.com"] [uri "/.git/config"] [unique_id "alRCVtE1I8oXKQpnsRvz_QAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack