Anonymous
2026-07-17 02:06:46
(52 minutes ago)
16.61.103.2 - - [17/Jul/2026:04:06:42 +0200] "GET /serverless.yaml HTTP/1.1" 404 567 "-" "Mozilla/5. ...
show more
16.61.103.2 - - [17/Jul/2026:04:06:42 +0200] "GET /serverless.yaml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
16.61.103.2 - - [17/Jul/2026:04:06:43 +0200] "GET /config/production.json HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
16.61.103.2 - - [17/Jul/2026:04:06:43 +0200] "GET /config/development.json HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
16.61.103.2 - - [17/Jul/2026:04:06:43 +0200] "GET /config/default.json HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safa
...
show less
Bad Web Bot
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-17 01:48:09
(1 hour ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
Rip
2026-07-17 01:04:15
(1 hour ago)
Restricted File Access Attempts
Port Scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 00:49:10
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute. ...
show more
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:49:03.609067 2026] [security2:error] [pid 31645:tid 31645] [client 16.61.103.2:61674] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "preskitpc.com"] [uri "/.env"] [unique_id "all7_8zMSxcUur7rqaO7mwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-17 00:25:40
(2 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 00:20:14
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute. ...
show more
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:20:03.493653 2026] [security2:error] [pid 14660:tid 14660] [client 16.61.103.2:18924] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alrevora.com"] [uri "/wp-config.php.txt"] [unique_id "all1M1Tn6sKYqIDuTN3uDwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-17 00:07:50
(2 hours ago)
Web attack/malicious scanning detected
Web App Attack
Anonymous
2026-07-16 23:45:46
(3 hours ago)
(caddyscan) Scanner path probe from 16.61.103.2 (GB/United Kingdom/ec2-16-61-103-2.eu-west-2.compute ...
show more
(caddyscan) Scanner path probe from 16.61.103.2 (GB/United Kingdom/ec2-16-61-103-2.eu-west-2.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:23:45:40 +0000] "GET /backups/.env HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:23:45:40 +0000] "GET /old/.env HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:23:45:40 +0000] "GET /temp/.env HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:23:45:40 +0000] "GET /tmp/.env HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:23:45:41 +0000] "GET /root/.aws/credentials HTTP/1.1"
show less
Port Scan
๐ซ๐ท
dynamix
2026-07-16 23:44:02
(3 hours ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 23:20:40
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute. ...
show more
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 19:20:33.766198 2026] [security2:error] [pid 11587:tid 11587] [client 16.61.103.2:49120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clockandnightlight.com"] [uri "/.env.swp"] [unique_id "allnQSkHfv6uW9ioM0PVcQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-16 22:30:47
(4 hours ago)
Try to access /.env
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:05:27
(4 hours ago)
Auto-ban: >3000 req/min op 2026-07-16
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 21:31:07
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute. ...
show more
(mod_security) mod_security (id:210492) triggered by 16.61.103.2 (ec2-16-61-103-2.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:31:02.258456 2026] [security2:error] [pid 14991:tid 14991] [client 16.61.103.2:51412] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ubuciko.com"] [uri "/.env.production"] [unique_id "allNliyTl1v0HHirYAgi0wAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 21:25:29
(5 hours ago)
(caddyscan) Scanner path probe from 16.61.103.2 (GB/United Kingdom/ec2-16-61-103-2.eu-west-2.compute ...
show more
(caddyscan) Scanner path probe from 16.61.103.2 (GB/United Kingdom/ec2-16-61-103-2.eu-west-2.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:21:25:26 +0000] "GET /.env.staging HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:21:25:27 +0000] "GET /.env.backup HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:21:25:27 +0000] "GET /.env.save HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:21:25:27 +0000] "GET /.env.old HTTP/1.1"
[REDACTED] 200 2627 16.61.103.2 - - [16/Jul/2026:21:25:27 +0000] "GET /.env.bak HTTP/1.1"
show less
Port Scan
๐บ๐ธ
Matthew Ping
2026-07-16 21:00:01
(5 hours ago)
ModSecurity rule 949110 triggered on wp2. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking