๐ฎ๐ฉ
soc-yk
2026-07-12 15:54:14
(2 hours ago)
Type: suspicious_network_activity
Risk: 100
Events: 72
Evidence:
- Persistent suspicious network ac ...
show more
Type: suspicious_network_activity
Risk: 100
Events: 72
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Multi-event operational persistence identified
- Threat escalation behavior observed
show less
Port Scan
Hacking
Anonymous
2026-07-11 20:41:48
(22 hours ago)
Banned by Fail2Ban on server
Web App Attack
Anonymous
2026-07-11 16:33:04
(1 day ago)
Bot / scanning and/or hacking attempts: [0/0] init, [1/1] done, GET /.env.local HTTP/2.0, GET /.env. ...
show more
Bot / scanning and/or hacking attempts: [0/0] init, [1/1] done, GET /.env.local HTTP/2.0, GET /.env.production HTTP/2.0, GET /.env HTTP/2.0
show less
Hacking
Web App Attack
Anonymous
2026-07-11 16:04:42
(1 day ago)
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ...
show more
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 15:24:45
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 11:24:41.181192 2026] [security2:error] [pid 5299:tid 5350] [client 15.204.113.182:37924] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ogier.us"] [uri "/.env"] [unique_id "alJgOeeCsOysViMml8w-OgAAAIw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 14:30:42
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 10:30:36.875463 2026] [security2:error] [pid 20343:tid 20343] [client 15.204.113.182:33042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "npeme.com"] [uri "/.env"] [unique_id "alJTjMBFbmNUiLbdk8K5XQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-11 14:00:59
(1 day ago)
20 attempts against mh-misbehave-ban on pyrus
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 13:47:21
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 09:47:16.382707 2026] [security2:error] [pid 3745:tid 3745] [client 15.204.113.182:57252] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sfprivatechef.com"] [uri "/.env"] [unique_id "alJJZEhNL27t6X827MNnEAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 13:24:01
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 09:23:56.772937 2026] [security2:error] [pid 2430:tid 2430] [client 15.204.113.182:60480] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scotts.net"] [uri "/.env"] [unique_id "alJD7J0ffILg9rIlyQ7qvgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Celtic
2026-07-11 13:00:23
(1 day ago)
Blocked by Fail2Ban with Jail (plesk-modsecurity)
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-11 10:59:56
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 06:59:49.719337 2026] [security2:error] [pid 9034:tid 9034] [client 15.204.113.182:40702] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sfgardening.com"] [uri "/.env"] [unique_id "alIiJfFZeXWxWR78-pXlHgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
melroy89
2026-07-11 10:46:23
(1 day ago)
15.204.113.182 - - [11/Jul/2026:12:45:24 +0200] "POST /graphql HTTP/2.0" 404 146 "-" "-" "melroy.or ...
show more
15.204.113.182 - - [11/Jul/2026:12:45:24 +0200] "POST /graphql HTTP/2.0" 404 146 "-" "-" "melroy.org" 0.000
15.204.113.182 - - [11/Jul/2026:12:45:24 +0200] "GET /debug HTTP/2.0" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" "melroy.org" 0.000
15.204.113.182 - - [11/Jul/2026:12:45:24 +0200] "GET /actuator HTTP/2.0" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" "melroy.org" 0.000
15.204.113.182 - - [11/Jul/2026:12:45:25 +0200] "GET /debug/vars HTTP/2.0" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" "melroy.org" 0.000
15.204.113.182 - - [11/Jul/2026:12:45:25 +0200] "GET /actuator/env HTTP/2.0" 404 146 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" "melroy.org" 0.000
15.204.113.182 - - [11/Jul/2026:12:45:25 +0200] "POST /api/graphql HTTP/2.0" 404 146 "-" "-" "melroy.org" 0.000
15.204.113.182 - - [11/Jul/2026:12:45:25 +0200] "GET /server-status HTTP/2.0" 404 146 "-" "Mozilla/5.0
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 10:42:02
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 06:41:54.476791 2026] [security2:error] [pid 5330:tid 5330] [client 15.204.113.182:54280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mbnetworking.com"] [uri "/.env"] [unique_id "alId8oJcDzGxnle7Fb6GfwAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 09:48:15
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 15.204.113.182 (vps-3a90e7f0.vps.ovh.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 05:48:08.739257 2026] [security2:error] [pid 16005:tid 16005] [client 15.204.113.182:40220] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marionenv.com"] [uri "/.env"] [unique_id "alIRWEcRA3gImjAzgbPSwQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Octopuce
2026-07-11 09:33:01
(1 day ago)
Aggressive web search of vulnerable pages: /.env /.env.local /wp-config.php /sites/default/settings. ...
show more
Aggressive web search of vulnerable pages: /.env /.env.local /wp-config.php /sites/default/settings.php /sites/default/settings.local.php /conf ...
show less
Web App Attack