Anonymous
2026-07-06 16:32:52
(20 minutes ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐ซ๐ท
Catalin Negru
2026-07-06 15:36:34
(1 hour ago)
Recidive ban by fail2ban on server.blackbit.ro
Brute-Force
๐ฉ๐ช
Petros Stefanakis
2026-07-06 15:06:09
(1 hour ago)
(mod_security) mod_security triggered on hostname [redacted] 147.45.135.191 (RU/Russia/-)
SQL Injection
๐ซ๐ท
LRob
2026-07-06 10:42:57
(6 hours ago)
CrowdSec: crowdsecurity/http-probing | req: ["/var/.env","/docker-compose.yml","/docker-compose.yaml ...
show more
CrowdSec: crowdsecurity/http-probing | req: ["/var/.env","/docker-compose.yml","/docker-compose.yaml","/docker-compose.override.yml","/docker-compose.dev.yml","/docker-compose.prod.yml","/config.json","/settings.json","/secrets.json","/credentials.json","/cdp_api_key.json"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"]
show less
Port Scan
Web App Attack
๐ซ๐ท
GoodOldTOS
2026-07-06 09:32:38
(7 hours ago)
Bad keywords detected in request: /.env
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 07:45:20
(9 hours ago)
(mod_security) mod_security (id:210730) triggered by 147.45.135.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 147.45.135.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 03:45:13.770136 2026] [security2:error] [pid 25485:tid 25485] [client 147.45.135.191:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||haywardcarpentry.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "haywardcarpentry.com"] [uri "/config/master.key"] [unique_id "aktdCeu2c7iJP4lsttN8NgAAADc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 05:58:48
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 147.45.135.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 147.45.135.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 01:58:43.548945 2026] [security2:error] [pid 22312:tid 22312] [client 147.45.135.191:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luisgtechgroup.com"] [uri "/backup/.env"] [unique_id "aktEE8iUS4JAZadnfKBCrgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
infra-monitor
2026-07-06 03:00:07
(13 hours ago)
Automated ban via infra-monitor: suspicious-probe
Port Scan
Anonymous
2026-07-06 00:49:38
(16 hours ago)
Aggressive web scan
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-06 00:37:56
(16 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ฉ๐ช
Bedios GmbH
2026-07-05 22:03:45
(18 hours ago)
Wordpress hacking attempt
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-05 21:20:01
(19 hours ago)
Excessive multi-domain requests
Brute-Force
๐ฉ๐ช
IVski
2026-07-05 17:48:50
(23 hours ago)
IVski WAF | Sensitive file probe detected - looking for .env
Port Scan
Brute-Force
Web App Attack
๐ฉ๐ช
Dominik Lysiak
2026-07-05 12:13:31
(1 day ago)
147.45.135.191 - - [05/Jul/2026:14:13:12 +0200] "GET /.env.test HTTP/1.1" 404 548 "-" "Mozilla/5.0 ( ...
show more
147.45.135.191 - - [05/Jul/2026:14:13:12 +0200] "GET /.env.test HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
147.45.135.191 - - [05/Jul/2026:14:13:30 +0200] "GET /.env.backup HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
147.45.135.191 - - [05/Jul/2026:14:13:30 +0200] "GET /.env.save HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
...
show less
Web App Attack
๐ซ๐ท
dwmp
2026-07-05 07:45:36
(1 day ago)
[05/Jul/2026:09:45:35.201778 +0200] akoLn0YfRYXXqeLRLG1YFQAAAAI 147.45.135.191 54060 38.242.227.117 ...
show more
[05/Jul/2026:09:45:35.201778 +0200] akoLn0YfRYXXqeLRLG1YFQAAAAI 147.45.135.191 54060 38.242.227.117 7081
[05/Jul/2026:09:45:35.465391 +0200] akoLn1I2wtUI4PzHEhMRFQAAAUs 147.45.135.191 54062 38.242.227.117 7081
[05/Jul/2026:09:45:35.739598 +0200] akoLn1I2wtUI4PzHEhMRFgAAAUw 147.45.135.191 54064 38.242.227.117 7081
...
show less
Brute-Force
SSH