π³π±
homeshowdomain.nl
2026-02-09 22:59:10
(4 months ago)
Auto-ban: >3000 req/min op 2026-02-09
Hacking
Web App Attack
SSH
πΊπΈ
myagent.site
2026-02-09 22:10:58
(4 months ago)
Blocking for trying to access an exploit file: /backup/.git/config
Hacking
πΊπΈ
myagent.site
2026-02-09 21:40:17
(4 months ago)
Blocking for trying to access an exploit file: /.env.save
Hacking
πΊπΈ
TPI-Abuse
2026-02-09 20:33:44
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 15:33:41.294254 2026] [security2:error] [pid 19339:tid 19468] [client 104.207.61.57:50839] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gamecrazy.us"] [uri "/api/.env"] [unique_id "aYpEpYgSOxwRKbWl7oITSQAAAJA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-09 09:30:12
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 04:30:02.066861 2026] [security2:error] [pid 23180:tid 23180] [client 104.207.61.57:16057] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fulltime-life.com"] [uri "/admin/.env"] [unique_id "aYmpGp9ArdB2H_O2j4e1MgAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-09 09:05:49
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 04:05:42.108273 2026] [security2:error] [pid 24979:tid 24979] [client 104.207.61.57:23417] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "g-peopleland.com"] [uri "/backend/.env"] [unique_id "aYmjZi4QBKyVgFj28-TJPQAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-09 06:15:34
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 01:14:59.827503 2026] [security2:error] [pid 14563:tid 14563] [client 104.207.61.57:52077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furball.global"] [uri "/v2/.git/config"] [unique_id "aYl7Y7K93EW_LwST4nmXMgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-09 04:18:39
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 23:18:34.814954 2026] [security2:error] [pid 21040:tid 21040] [client 104.207.61.57:37453] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fullbladderclub.com"] [uri "/.env.staging"] [unique_id "aYlgGmpZsnhnhbZxXB1wvAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
mind5t0rm
2026-01-06 07:54:22
(5 months ago)
(WPLOGIN) WP Login Attack 104.207.61.57 (CA/Canada/-): 3 in the last 3600 secs; Ports: *; Direction: ...
show more
(WPLOGIN) WP Login Attack 104.207.61.57 (CA/Canada/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.207.61.57 - - [06/Jan/2026:14:54:12 +0700] "GET /wp-login.php?wp_lang=en_US HTTP/1.1" 200 2466 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36"
104.207.61.57 - - [06/Jan/2026:14:54:13 +0700] "POST /wp-login.php?wp_lang=en_US HTTP/1.1" 302 5 "https://zerowaterthailand.com/wp-login.php?wp_lang=en_US" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36"
104.207.61.57 - - [06/Jan/2026:14:54:22 +0700] "GET /wp-login.php?redirect_to=https%3A%2F%2Fwww.zerowaterthailand.com%2Fwp-admin%2Fplugins.php&reauth=1 HTTP/1.1" 200 2471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36"
show less
Port Scan
π©πͺ
Packets-Decreaser.NET
2025-12-29 14:01:10
(5 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
πΊπΈ
TPI-Abuse
2025-11-26 01:28:52
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.61.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:28:48.847697 2025] [security2:error] [pid 10099:tid 10099] [client 104.207.61.57:26691] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.earthwormensemble.doublenaughtspycar.com"] [uri "/.git/HEAD"] [unique_id "aSZX0GJmBPAXW7cuKJAF-QAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-11-12 14:08:01
(6 months ago)
Attempted brute force login to web vpn 108 time(s); last attempt for 2025.11.12 is noted in report t ...
show more
Attempted brute force login to web vpn 108 time(s); last attempt for 2025.11.12 is noted in report timestamp
show less
Hacking
Brute-Force
2025-10-27 13:22:51
(7 months ago)
2025-10-27T14:22:48.568071 localhost.localdomain sshd[1038058]: pam_unix(sshd:auth): authentication ...
show more
2025-10-27T14:22:48.568071 localhost.localdomain sshd[1038058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.61.57
2025-10-27T14:22:50.348374 localhost.localdomain sshd[1038058]: Failed password for invalid user [email protected] from 104.207.61.57 port 40763 ssh2
...
show less
Brute-Force
SSH
2025-10-26 08:30:22
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
π³π±
EGP Abuse Dept
2025-10-24 14:43:26
(7 months ago)
Unauthorized connection to SSH port 22
Port Scan
Hacking
SSH