๐ณ๐ฑ
homeshowdomain.nl
2025-09-11 21:59:05
(9 months ago)
Auto-ban: >3000 req/min op 2025-09-11
Hacking
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2025-09-11 10:20:06
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 157.254.54.243 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 157.254.54.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 06:19:59.536626 2025] [security2:error] [pid 6754:tid 6754] [client 157.254.54.243:55304] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sailyourkayak.com"] [uri "/.env.stage"] [unique_id "aMKiTzu9KDj6koAMuqkE2AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-11 08:49:59
(10 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐ฎ๐ฉ
Burayot
2025-09-11 08:27:13
(10 months ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 157.254.54.243 (BR/Brazil/-): 1 in t ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 157.254.54.243 (BR/Brazil/-): 1 in the last 3600 secs
show less
Web App Attack
Anonymous
2025-09-11 07:12:33
(10 months ago)
Bot / scanning and/or hacking attempts: GET /appsettings.json HTTP/1.1, GET /.env.backup HTTP/1.1, G ...
show more
Bot / scanning and/or hacking attempts: GET /appsettings.json HTTP/1.1, GET /.env.backup HTTP/1.1, GET /.env.dev HTTP/1.1, GET /.env.local HTTP/1.1, GET /.env.stage HTTP/1.1, GET /.env_1 HTTP/1.1, GET /.env.production HTTP/1.1, GET /.env.www HTTP/1.1, GET /api/.env HTTP/1.1, GET /.env.bak HTTP/1.1, GET /.env.old HTTP/1.1
show less
Hacking
Web App Attack
๐ง๐ช
cmbplf
2025-09-11 06:22:12
(10 months ago)
179 requests with url.path *.env
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-09-11 05:28:37
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 157.254.54.243 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 157.254.54.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 01:28:34.508410 2025] [security2:error] [pid 8200:tid 8200] [client 157.254.54.243:44562] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bayareahiphopforever.org"] [uri "/.env.prod"] [unique_id "aMJeAk3L_sIAkHu-VVXXowAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-11 05:13:09
(10 months ago)
(mod_security) mod_security (id:211190) triggered by 157.254.54.243 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:211190) triggered by 157.254.54.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 01:13:03.898815 2025] [security2:error] [pid 28227:tid 28227] [client 157.254.54.243:34684] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||agrizel.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /laravel-filemanager/download?working_dir=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F&type&file=passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "agrizel.com"] [uri "/laravel-filemanager/download"] [unique_id "aMJaX0mPBA-Vvz9-NaexLQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
FABIO EGAS
2025-09-08 21:51:05
(10 months ago)
(mod_security) mod_security triggered on hostname [redacted] 157.254.54.243 (BR/Brazil/-)
SQL Injection
Anonymous
2025-09-08 05:26:33
(10 months ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐บ๐ธ
hostseries
2025-09-05 09:48:57
(10 months ago)
Trigger: CT_LIMIT
Brute-Force
๐ง๐ท
megagengar
2025-09-03 12:09:00
(10 months ago)
Repeated SSRF-style requests attempting to access cloud instance metadata endpoints (AWS, GCP, Aliba ...
show more
Repeated SSRF-style requests attempting to access cloud instance metadata endpoints (AWS, GCP, Alibaba). Malicious scanning activity detected.
show less
Hacking
Web App Attack
๐บ๐ธ
FABIO EGAS
2025-09-02 00:56:13
(10 months ago)
(mod_security) mod_security triggered on hostname [redacted] 157.254.54.243 (BR/Brazil/-)
SQL Injection
Anonymous
2025-09-01 16:31:09
(10 months ago)
Failed login attempt detected by Fail2Ban in recidive jail
Brute-Force
Anonymous
2025-09-01 05:16:28
(10 months ago)
Multiple web server 400 error codes from same source ip
Web App Attack