๐ฌ๐ง
openstrike.co.uk
2026-07-07 05:15:29
(3 hours ago)
5 attacks on env grabbing URLs, config grabbing URLs (type 2), VC URLs, PHP URLs:
GET /.env.local HT ...
show more
5 attacks on env grabbing URLs, config grabbing URLs (type 2), VC URLs, PHP URLs:
GET /.env.local HTTP/1.1
GET /appsettings.json HTTP/1.1
GET /.git/config HTTP/1.1
GET /config.php HTTP/1.1
show less
Hacking
Web App Attack
๐จ๐ญ
๐จ๐ญ Hosting
2026-07-07 05:10:11
(3 hours ago)
Automated WAF report: 100-125 blocked requests from this IP detected by our WAF.
Bad Web Bot
Web App Attack
๐ฉ๐ช
MarkGGN
2026-07-07 04:42:27
(3 hours ago)
Web attack. 84.200.91.12 - - [07/Jul/2026:06:42:26 +0200] "GET /.env HTTP/1.1" 403 177 "-" "Mozilla/ ...
show more
Web attack. 84.200.91.12 - - [07/Jul/2026:06:42:26 +0200] "GET /.env HTTP/1.1" 403 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
84.200.91.12 - - [07/Jul/2026:06:42:26 +0200] "GET /.env.local HTTP/1.1" 403 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
show less
Web App Attack
๐ซ๐ท
Phenix Info
2026-07-07 04:41:38
(3 hours ago)
SmallGuard.fr/Prestashop Massive 403
Web App Attack
๐ฉ๐ช
Bedios GmbH
2026-07-07 04:26:53
(4 hours ago)
Login credentials theft attempt
Hacking
๐ต๐ฑ
nfsec.pl
2026-07-07 04:22:50
(4 hours ago)
84.200.91.12 - - [07/Jul/2026:04:22:49 +0000] "GET /.env HTTP/1.1" 403 357 "-" "Mozilla/5.0 (Windows ...
show more
84.200.91.12 - - [07/Jul/2026:04:22:49 +0000] "GET /.env HTTP/1.1" 403 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
84.200.91.12 - - [07/Jul/2026:04:22:49 +0000] "GET /.env.local HTTP/1.1" 403 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
84.200.91.12 - - [07/Jul/2026:04:22:49 +0000] "GET /.git/config HTTP/1.1" 403 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
84.200.91.12 - - [07/Jul/2026:04:22:50 +0000] "GET /appsettings.json HTTP/1.1" 404 31463 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
84.200.91.12 - - [07/Jul/2026:04:22:50 +0000] "GET /config.php HTTP/1.1" 404 25495 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
...
show less
Web App Attack
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-07-07 04:19:43
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 84.200.91.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 84.200.91.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 00:19:37.849781 2026] [security2:error] [pid 25681:tid 25681] [client 84.200.91.12:52000] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ifatreefallsfilm.com"] [uri "/.env"] [unique_id "akx-WXspWOwpp4bExWBAyQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-07 04:16:08
(4 hours ago)
git/env leak probe
Web App Attack
๐ณ๐ด
jad-abuse
2026-07-07 04:02:06
(4 hours ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: env_probe ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: env_probe, git_exposure. Observed by 1 sensor(s); 6 hits.
show less
Web App Attack
Anonymous
2026-07-07 03:55:05
(4 hours ago)
84.200.91.12 - - [07/Jul/2026:03:55:04 +0000] "GET /.env HTTP/1.1" 404 2949 "-" "Mozilla/5.0 (Window ...
show more
84.200.91.12 - - [07/Jul/2026:03:55:04 +0000] "GET /.env HTTP/1.1" 404 2949 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-07 03:37:07
(4 hours ago)
[07/Jul/2026:06:37:06 +0300] 178339542673.835605 84.200.91.12 46820 148.251.76.218 80
[07/Jul/2026:0 ...
show more
[07/Jul/2026:06:37:06 +0300] 178339542673.835605 84.200.91.12 46820 148.251.76.218 80
[07/Jul/2026:06:37:06 +0300] 178339542661.111690 84.200.91.12 36314 148.251.76.218 443
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 03:35:10
(4 hours ago)
(mod_security) mod_security (id:949110) triggered by 84.200.91.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:949110) triggered by 84.200.91.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 23:34:56.525827 2026] [security2:error] [pid 22329:tid 22329] [client 84.200.91.12:53680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "experimentalscene.com"] [uri "/.env"] [unique_id "akxz4BFf6sT487agETbzigAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
solution.it
2026-07-07 03:26:00
(5 hours ago)
[Tue Jul 07 05:25:59.563956 2026] [php7:error] [pid 1646159:tid 1646159] [client 84.200.91.12:41428] ...
show more
[Tue Jul 07 05:25:59.563956 2026] [php7:error] [pid 1646159:tid 1646159] [client 84.200.91.12:41428] script '/var/www/html/config.php' not found or unable to stat
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 03:15:47
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 84.200.91.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 84.200.91.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 23:15:41.674264 2026] [security2:error] [pid 31311:tid 31311] [client 84.200.91.12:35300] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "laecovillage.org"] [uri "/.env"] [unique_id "akxvXRRYYMBlcbeUl2RKDwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Matthew Ping
2026-07-07 03:15:01
(5 hours ago)
ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking