๐ซ๐ท
SpaceHost-Server
2026-07-17 22:26:36
(1 day ago)
Brute-Force
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 22:03:32
(1 day ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-16.
show less
Web App Attack
SSH
Hacking
๐จ๐ญ
TheCoon
2026-07-17 16:45:02
(1 day ago)
Automated: Credential theft attempt - JSON bomb served
Web App Attack
Hacking
Anonymous
2026-07-17 08:18:01
(1 day ago)
(caddyscan) Scanner path probe from 13.57.100.13 (US/United States/ec2-13-57-100-13.us-west-1.comput ...
show more
(caddyscan) Scanner path probe from 13.57.100.13 (US/United States/ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 13.57.100.13 - - [17/Jul/2026:08:17:51 +0000] "GET /wp-config.php.bak HTTP/1.1"
[REDACTED] 200 2627 13.57.100.13 - - [17/Jul/2026:08:17:52 +0000] "GET /wp-config.php.old HTTP/1.1"
[REDACTED] 200 2627 13.57.100.13 - - [17/Jul/2026:08:17:53 +0000] "GET /wp-config.php.save HTTP/1.1"
[REDACTED] 200 2627 13.57.100.13 - - [17/Jul/2026:08:17:55 +0000] "GET /wp-config.php.txt HTTP/1.1"
[REDACTED] 200 2627 13.57.100.13 - - [17/Jul/2026:08:17:56 +0000] "GET /wp-config.php~ HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-17 08:03:15
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:03:08.282882 2026] [security2:error] [pid 18013:tid 18013] [client 13.57.100.13:53348] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sigiweb.net"] [uri "/.env.production"] [unique_id "alnhvMU4BNKusJZSE7888gAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:36:43
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:36:34.995780 2026] [security2:error] [pid 454621:tid 454621] [client 13.57.100.13:37158] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.paris-airshow.christinepeat.com"] [uri "/.env.backup"] [unique_id "alnbgqW5rR2iQM7z2MEF8AAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 07:32:07
(1 day ago)
13.57.100.13 - - [17/Jul/2026:09:31:54 +0200] "GET /private/.env HTTP/1.1" 404 450 "-" "Mozilla/5.0 ...
show more
13.57.100.13 - - [17/Jul/2026:09:31:54 +0200] "GET /private/.env HTTP/1.1" 404 450 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
13.57.100.13 - - [17/Jul/2026:09:31:54 +0200] "GET /private/.env HTTP/1.1" 404 289 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
13.57.100.13 - - [17/Jul/2026:09:31:56 +0200] "GET /var/.env HTTP/1.1" 404 450 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
13.57.100.13 - - [17/Jul/2026:09:31:56 +0200] "GET /var/.env HTTP/1.1" 404 289 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://si
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 05:40:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:40:13.181509 2026] [security2:error] [pid 427185:tid 427185] [client 13.57.100.13:43172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arcontractingservices.com"] [uri "/api/.env"] [unique_id "alnAPX8loGVzm0_N4qGm1gAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 05:11:55
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:11:52.029219 2026] [security2:error] [pid 12391:tid 12391] [client 13.57.100.13:58078] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.scottwithers.scottwithers.xyz"] [uri "/app/.env"] [unique_id "alm5mDws7kGFsvTYLSygDQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 04:43:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 00:43:11.727838 2026] [security2:error] [pid 239084:tid 239084] [client 13.57.100.13:55132] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coiledtubingdrilling.com.antech.net"] [uri "/.env.staging"] [unique_id "almy3_CkcmNRqCDP1LOfWAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:24:53
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:24:46.572446 2026] [security2:error] [pid 6849:tid 6849] [client 13.57.100.13:38550] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pleasefixmycomputer.com"] [uri "/.env.staging"] [unique_id "almgfn3Ir8Iip_BhpIzWXQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:49:18
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.comput ...
show more
(mod_security) mod_security (id:210492) triggered by 13.57.100.13 (ec2-13-57-100-13.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:49:14.268744 2026] [security2:error] [pid 27366:tid 27366] [client 13.57.100.13:38564] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "statevictoryfund.progressivefileshare.org"] [uri "/.env.production"] [unique_id "almYKmPI0EXbmuF8ZofV8gAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
Olexiy Backend
2026-07-17 02:11:54
(1 day ago)
13.57.100.13
...
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-17 02:07:01
(1 day ago)
Excessive multi-domain requests
Brute-Force
๐ฉ๐ช
ger-stg-sifi1
2026-07-17 01:46:10
(1 day ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack