๐ณ๐ฑ
homeshowdomain.nl
2026-07-15 22:01:33
(3 hours ago)
Auto-ban: >3000 req/min op 2026-07-15
Web App Attack
SSH
Hacking
Anonymous
2026-07-15 16:31:55
(8 hours ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐ฌ๐ง
thetomtaylor.co.uk
2026-07-15 13:07:01
(12 hours ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,mx01,mx02,mx03,wa ...
show more
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,mx01,mx02,mx03,wa01,wa02]
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 12:32:35
(12 hours ago)
(caddyscan) Scanner path probe from 105.156.239.44 (MA/Morocco/-): 5 in the last 3600 secs; Ports: * ...
show more
(caddyscan) Scanner path probe from 105.156.239.44 (MA/Morocco/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 105.156.239.44 - - [15/Jul/2026:11:43:49 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 105.156.239.44 - - [15/Jul/2026:12:08:20 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 105.156.239.44 - - [15/Jul/2026:12:15:23 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 105.156.239.44 - - [15/Jul/2026:12:32:31 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 105.156.239.44 - - [15/Jul/2026:12:32:32 +0000] "GET /.env HTTP/1.1"
show less
Port Scan
๐ฒ๐พ
Rizzy
2026-07-15 12:29:37
(12 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 11:50:13
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 105.156.239.44 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 105.156.239.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:50:08.294323 2026] [security2:error] [pid 31857:tid 31857] [client 105.156.239.44:63378] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "borzois.com"] [uri "/.env"] [unique_id "aldz8CA96CxSxQ20wg1HQwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-15 11:44:25
(13 hours ago)
2.397 requests with url.path *.env
Brute-Force
Bad Web Bot
๐ซ๐ฎ
pixiekat
2026-07-15 11:43:22
(13 hours ago)
[Wed Jul 15 12:39:32.707528 2026] [security2:error] [pid 419685:tid 419750] [client 105.156.239.44:5 ...
show more
[Wed Jul 15 12:39:32.707528 2026] [security2:error] [pid 419685:tid 419750] [client 105.156.239.44:57731] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.28.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "integraldata.cc"] [uri "/.env"] [unique_id "aldxdLd5QDmE-och9N1cvQAAAFM"]
[Wed Jul 15 12:43:21.373980 2026] [security2:error] [pid 419685:tid 419756] [client 105.156.239.44:49587] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.28.0"] [tag "anomaly-evaluation"] [tag
...
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-15 11:17:56
(14 hours ago)
105.156.239.44 - - [15/Jul/2026:14:17:55 +0300] "GET /.env HTTP/1.1" 404 4708 "-" "-"
...
Web App Attack
๐บ๐ธ
tedmichalik.com
2026-07-15 11:00:36
(14 hours ago)
105.156.239.44 - - [15/Jul/2026:07:00:20 -0400] "GET /.env HTTP/1.1" 404 39757 "-" "-"
...
Web App Attack
๐ฎ๐น
CoreTech srl
2026-07-15 10:53:59
(14 hours ago)
cloudlinux2 fail2ban: 2026-07-15 12:48:50,114 fail2ban.filter [1812]: INFO [plesk-wordpre ...
show more
cloudlinux2 fail2ban: 2026-07-15 12:48:50,114 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 216.24.219.160 - 2026-07-15 12:48:49cloudlinux2 fail2ban: 2026-07-15 12:48:54,511 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 216.24.219.160 - 2026-07-15 12:48:54cloudlinux2 fail2ban: 2026-07-15 12:48:55,693 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 105.156.239.44 - 2026-07-15 12:48:55cloudlinux2 fail2ban: 2026-07-15 12:49:26,144 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 105.156.239.44 - 2026-07-15 12:49:26cloudlinux2 fail2ban: 2026-07-15 12:50:36,924 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 45.132.227.162 - 2026-07-15 12:50:36cloudlinux2 fail2ban: 2026-07-15 12:50:36,925 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 45.132.227.171 - 2026-07-15 12:50:36cloudlinux2 fail2ban: 2026-07-15 12:50:49,038 fail2ban.actions [1812]: NOTICE [plesk-modsecurity] Unban 103.171.117.43cloudlinux2 fail2b
show less
Web App Attack
๐ณ๐ด
jad-abuse
2026-07-15 10:46:14
(14 hours ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: env_probe ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: env_probe. Observed by 1 sensor(s); 1 hits.
show less
Web App Attack
๐ต๐ฑ
sefinek.net
2026-07-15 10:39:23
(14 hours ago)
Triggered Cloudflare WAF (firewallCustom) from MA.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoi ...
show more
Triggered Cloudflare WAF (firewallCustom) from MA.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoint: /.env | UA: Empty string โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-15 10:36:35
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 105.156.239.44 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 105.156.239.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:36:27.591970 2026] [security2:error] [pid 28574:tid 28574] [client 105.156.239.44:61967] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.art4mm.performingartsguild.com"] [uri "/.env"] [unique_id "aldiq1fZYJNaqKxkJtVHOwAAAE4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 10:21:11
(14 hours ago)
Web App Attack, Hacking
Hacking
Web App Attack