๐ง๐ช
Scampi_ml
2026-06-10 13:24:05
(1 month ago)
66x HTTP 403/404 responses in short timeframe. Likely vulnerability scanner or brute-force attack on ...
show more
66x HTTP 403/404 responses in short timeframe. Likely vulnerability scanner or brute-force attack on web application paths.
show less
Bad Web Bot
Web App Attack
๐ฌ๐ง
preissler.co.uk
2025-09-27 12:42:15
(9 months ago)
Web scanning
Web App Attack
๐บ๐ธ
infra-monitor
2025-09-16 09:00:02
(10 months ago)
Automated ban via infra-monitor: crowdsecurity/http-sensitive-files
Web App Attack
๐ฉ๐ช
Skyrider
2025-09-13 06:56:14
(10 months ago)
13.218.114.34 - - [13/Sep/2025:08:56:12 +0200] "GET /pms?module=logging&file_name=../../../../../../ ...
show more
13.218.114.34 - - [13/Sep/2025:08:56:12 +0200] "GET /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000 HTTP/2.0" 404 162 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:08:56:12 +0200] "GET /admin/config?cmd=cat+/root/.aws/credentials HTTP/2.0" 404 162 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:08:56:13 +0200] "GET /.env HTTP/2.0" 404 162 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:08:56:13 +0200] "GET /.env.local HTTP/2.0" 404 162 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:08:56:13 +0200] "GET /.env.production HTTP/2.0" 404 162 "-" "Mozilla/5.0"
show less
Bad Web Bot
Web App Attack
๐ฌ๐ง
blik2108
2025-09-13 06:48:21
(10 months ago)
13.218.114.34 - - [13/Sep/2025:07:48:20 +0100] "GET /pms?module=logging&file_name=../../../../../../ ...
show more
13.218.114.34 - - [13/Sep/2025:07:48:20 +0100] "GET /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000 HTTP/1.1" 404 1460 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:07:48:21 +0100] "GET /admin/config?cmd=cat+/root/.aws/credentials HTTP/1.1" 404 1460 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:07:48:21 +0100] "GET /.env HTTP/1.1" 404 1460 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:07:48:21 +0100] "GET /.env.local HTTP/1.1" 404 1460 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:07:48:21 +0100] "GET /.env.production HTTP/1.1" 404 1460 "-" "Mozilla/5.0"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
snappic
2025-09-13 06:40:27
(10 months ago)
Scanning for AWS credentials [GET /pms?module=logging&file_name=../../../../../../~/.aws/credentials ...
show more
Scanning for AWS credentials [GET /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000] [Mozilla/5.0]
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
mawan
2025-09-13 06:30:16
(10 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ฎ๐ฉ
zam
2025-09-13 06:25:44
(10 months ago)
13.218.114.34 - - [13/Sep/2025:06:25:34 +0000] "GET /pms?module=logging\u0026file_name=../../../../. ...
show more
13.218.114.34 - - [13/Sep/2025:06:25:34 +0000] "GET /pms?module=logging\u0026file_name=../../../../../../~/.aws/credentials\u0026number_of_lines=10000 HTTP/1.1" 404 70935
13.218.114.34 - - [13/Sep/2025:06:25:35 +0000] "GET /admin/config?cmd=cat+/root/.aws/credentials HTTP/1.1" 404 70935
13.218.114.34 - - [13/Sep/2025:06:25:36 +0000] "GET /.env HTTP/1.1" 404 70935
13.218.114.34 - - [13/Sep/2025:06:25:37 +0000] "GET /.env.local HTTP/1.1" 404 70935
13.218.114.34 - - [13/Sep/2025:06:25:38 +0000] "GET /.env.production HTTP/1.1" 404 70935
{"log"
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2025-09-13 06:18:44
(10 months ago)
13.218.114.34 - - [13/Sep/2025:09:18:37 +0300] "GET /wp-content/.env HTTP/1.1" 404 280 "-" "Mozilla/ ...
show more
13.218.114.34 - - [13/Sep/2025:09:18:37 +0300] "GET /wp-content/.env HTTP/1.1" 404 280 "-" "Mozilla/5.0"
13.218.114.34 - - [13/Sep/2025:09:18:40 +0300] "GET /application/.env HTTP/1.1" 404 2638 "-" "Mozilla/5.0"
...
show less
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2025-09-13 06:01:49
(10 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
CollideTech
2025-09-13 05:55:55
(10 months ago)
probing for vulnerabilities
Web App Attack
๐บ๐ธ
antlac1
2025-09-13 05:50:03
(10 months ago)
crowdsecurity/http-probing
Brute-Force
Web App Attack
๐ฉ๐ช
paissangroup
2025-09-13 04:28:50
(10 months ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-13 04:17:01
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 13.218.114.34 (ec2-13-218-114-34.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 13.218.114.34 (ec2-13-218-114-34.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 13 00:16:56.882877 2025] [security2:error] [pid 16812:tid 16812] [client 13.218.114.34:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ruralcommunitycare.org"] [uri "/.env"] [unique_id "aMTwOEzU5Oue-8pN4QDvuQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
neckaralb-admin.de
2025-09-13 03:33:06
(10 months ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack