Anonymous
2026-06-29 11:17:11
(2 days ago)
Multiple web server 400 error codes from same source ip
Web App Attack
Anonymous
2026-06-29 06:45:01
(2 days ago)
Blocked by os-abuseipdb; 8 hits, proto=tcp, ports=2082,2083,2086,2087,443,80,8080,8443
Port Scan
Hacking
๐ฌ๐ง
djboddington
2026-06-29 06:41:35
(2 days ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
๐บ๐ธ
RAP
2026-06-29 05:58:33
(2 days ago)
2026-06-29 05:58:33 UTC Unauthorized activity to TCP port 8080. Web App
Port Scan
Web App Attack
๐ฌ๐ง
blik2108
2026-06-16 05:35:58
(2 weeks ago)
beta.sleepylizard.com:80 128.24.163.96 - - [16/Jun/2026:06:35:39 +0100] "GET /.git/HEAD HTTP/1.1" 30 ...
show more
beta.sleepylizard.com:80 128.24.163.96 - - [16/Jun/2026:06:35:39 +0100] "GET /.git/HEAD HTTP/1.1" 301 604 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
beta.sleepylizard.com:443 128.24.163.96 - - [16/Jun/2026:06:35:50 +0100] "GET /wp-config.php HTTP/1.1" 200 3961 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
beta.sleepylizard.com:443 128.24.163.96 - - [16/Jun/2026:06:35:50 +0100] "GET /wp-config.php.bak HTTP/1.1" 200 3961 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
beta.sleepylizard.com:443 128.24.163.96 - - [16/Jun/2026:06:35:54 +0100] "GET /config/database.yml HTTP/1.1" 200 3961 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
beta.sleepylizard.com:443 128.24.163.96 - - [16/Jun/2026:06:35:57 +0100] "GET /config.php HTTP/1.1" 2
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-25 09:22:09
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 05:22:01.783096 2026] [security2:error] [pid 16970:tid 16970] [client 128.24.163.96:58890] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "empoweruohio.org"] [uri "/.env"] [unique_id "ahQUuVuMTU3J1mMRJXs3HwAAABE"], referer: https://www.bing.com/search?q=
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
bazter.pro
2026-05-25 05:16:09
(1 month ago)
Fail2Ban: plesk-bot-aggressive - 15 failures
Port Scan
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-24 04:20:00
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 00:19:56.189079 2026] [security2:error] [pid 5077:tid 5077] [client 128.24.163.96:48390] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kaiyadunn.com"] [uri "/.env"] [unique_id "ahJ8bMdI4uFHAPy7Yu6RYwAAAAA"], referer: https://claude.ai/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-24 03:44:52
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 23:44:46.022022 2026] [security2:error] [pid 23819:tid 23819] [client 128.24.163.96:48130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "carterrose.com"] [uri "/config/.env"] [unique_id "ahJ0LrD0LbJrPGhHYc3RYwAAAAQ"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Carsten
2026-05-24 02:46:06
(1 month ago)
GET [config/.env]
Port Scan
Anonymous
2026-05-24 02:09:42
(1 month ago)
(caddyscan) Scanner path probe from 128.24.163.96 (US/United States/-): 5 in the last 3600 secs; Por ...
show more
(caddyscan) Scanner path probe from 128.24.163.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:02:09:28 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:02:09:29 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:02:09:30 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:02:09:31 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:02:09:31 +0000] "GET /@fs/.env?import&raw HTTP/1.1"
show less
Port Scan
Anonymous
2026-05-24 01:52:37
(1 month ago)
(caddyscan) Scanner path probe from 128.24.163.96 (US/United States/-): 5 in the last 3600 secs; Por ...
show more
(caddyscan) Scanner path probe from 128.24.163.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:52:33 +0000] "GET /@fs/.env?import&raw HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:52:33 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:52:33 +0000] "GET /@fs/.env.development?import&raw HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:52:33 +0000] "GET /@fs/.env.production?import&raw HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:52:33 +0000] "GET /@fs/.env.test?import&raw HTTP/1.1"
show less
Port Scan
๐ฒ๐ฝ
impra
2026-05-24 01:48:24
(1 month ago)
Detected 8 connection attempts.
Port Scan
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-24 01:33:07
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 128.24.163.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 21:33:00.107487 2026] [security2:error] [pid 15035:tid 15035] [client 128.24.163.96:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fee.nyemdr.org"] [uri "/.env"] [unique_id "ahJVTEKGW_lAjfynV_-f8wAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-24 01:28:30
(1 month ago)
(caddyscan) Scanner path probe from 128.24.163.96 (US/United States/-): 5 in the last 3600 secs; Por ...
show more
(caddyscan) Scanner path probe from 128.24.163.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:28:26 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:28:26 +0000] "GET /config/.env HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:28:26 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:28:26 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 128.24.163.96 - - [24/May/2026:01:28:26 +0000] "GET /.git/config HTTP/1.1"
show less
Port Scan