Anonymous
2026-07-05 05:17:58
(1 day ago)
172.71.232.13 - - [05/Jul/2026:07:17:55 +0200] "GET /config/upload/config%2ets HTTP/1.1" 403 124 "-" ...
show more
172.71.232.13 - - [05/Jul/2026:07:17:55 +0200] "GET /config/upload/config%2ets HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:55 +0200] "GET /test/integration/env-config/app/%2eenv HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /admin/settings%2ejson HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /error%2elog%2ebak HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /old/test%2ephp HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /node_modules/%2eenv%2eprod HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /v1/%2eenv%2eproduction%2elocal HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /etc/aws_config%2eenv HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [05/Jul/2026:07:17:56 +0200] "GET /config/new/config%2ephp HTTP/1.1" 403 124 "-
...
show less
Bad Web Bot
Web App Attack
πΊπΈ
mawan
2026-07-02 20:23:13
(3 days ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2026-07-01 13:19:12
(5 days ago)
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /music-app/backend/%2eenv HTTP/1.1" 403 124 "-" ...
show more
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /music-app/backend/%2eenv HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /mailer/helper/phpinfo%2ephp HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /*%2eenv%2eprod HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /tls/server%2epem HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /admin/config/sendgrid%2ejson HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /config/mail/mailgun_key%2etxt HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /admin/config/mailgun_api_key%2etxt HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /email/sendgrid_api_key%2etxt HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [01/Jul/2026:15:19:10 +0200] "GET /js/%2eenv HTTP/1.1" 403 124 "-" "cu
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 05:51:48
(1 week ago)
172.71.232.13 - - [29/Jun/2026:07:51:45 +0200] "GET /var/task/amplify.yml HTTP/1.1" 403 124 "-" "cur ...
show more
172.71.232.13 - - [29/Jun/2026:07:51:45 +0200] "GET /var/task/amplify.yml HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:45 +0200] "GET /var/task/amplify.yaml HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:45 +0200] "GET /app/amplify.yml HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:45 +0200] "GET /app/amplify.yaml HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:46 +0200] "GET /$(pwd)/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:46 +0200] "GET /$(pwd)/.env.local HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:46 +0200] "GET /$(pwd)/.env.production HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:46 +0200] "GET /$(pwd)/.env.development HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:51:46 +0200] "GET /$(pwd)/.env.staging HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [29/Jun/2026:07:5
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-06-23 13:14:55
(1 week ago)
172.71.232.13 - - [23/Jun/2026:15:14:53 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 441 ...
show more
172.71.232.13 - - [23/Jun/2026:15:14:53 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
172.71.232.13 - - [23/Jun/2026:15:14:53 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
172.71.232.13 - - [23/Jun/2026:15:14:54 +0200] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
172.71.232.13 - - [23/Jun/2026:15:14:54 +0200] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
172.71.232.13 - - [23/Jun/2026:15:14:54 +0200] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "
...
show less
Brute-Force
Web App Attack
Anonymous
2026-06-21 13:00:37
(2 weeks ago)
172.71.232.13 - - [21/Jun/2026:15:00:35 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 184 " ...
show more
172.71.232.13 - - [21/Jun/2026:15:00:35 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [21/Jun/2026:15:00:35 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [21/Jun/2026:15:00:36 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [21/Jun/2026:15:00:36 +0200] "GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [21/Jun/2026:15:00:36 +0200] "GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404
...
show less
Brute-Force
Web App Attack
Anonymous
2026-06-19 22:18:29
(2 weeks ago)
172.71.232.13 - - [20/Jun/2026:00:18:26 +0200] "GET /aws/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172 ...
show more
172.71.232.13 - - [20/Jun/2026:00:18:26 +0200] "GET /aws/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:26 +0200] "GET /azure/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:26 +0200] "GET /babel-plugin-dotenv/test/fixtures/as-alias/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:27 +0200] "GET /babel-plugin-dotenv/test/fixtures/default/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:27 +0200] "GET /babel-plugin-dotenv/test/fixtures/dev-env/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:27 +0200] "GET /babel-plugin-dotenv/test/fixtures/empty-values/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:27 +0200] "GET /babel-plugin-dotenv/test/fixtures/filename/.env HTTP/1.1" 403 124 "-" "curl/8.7.1"
172.71.232.13 - - [20/Jun/2026:00:18:27 +0200] "GET /babel-plugin-dotenv/test/fixtures/override-value/.env HTTP/1.1" 403 1
...
show less
Bad Web Bot
Web App Attack
π³π΄
jad-abuse
2026-06-19 21:08:15
(2 weeks ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_expos ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_exposure. Observed by 1 sensor(s); 1 hits.
show less
Web App Attack
Anonymous
2026-06-16 15:32:54
(2 weeks ago)
172.71.232.13 - - [16/Jun/2026:17:32:52 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 ...
show more
172.71.232.13 - - [16/Jun/2026:17:32:52 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [16/Jun/2026:17:32:52 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [16/Jun/2026:17:32:53 +0200] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [16/Jun/2026:17:32:53 +0200] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [16/Jun/2026:17:32:53 +0200] "GET //wp/wp-includes/wlwmanifest.x
...
show less
Brute-Force
Web App Attack
πΊπΈ
mnsf
2026-06-16 05:06:12
(2 weeks ago)
Abuse Detected (1)
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-16 00:09:38
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.232.13 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.232.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 20:09:33.133935 2026] [security2:error] [pid 23890:tid 23890] [client 172.71.232.13:13707] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gonzalez.com"] [uri "/.git/config"] [unique_id "ajCUPZ0nO_pvUkhZVg9LmwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-22 20:17:31
(1 month ago)
172.71.232.13 - - [22/May/2026:22:17:29 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 " ...
show more
172.71.232.13 - - [22/May/2026:22:17:29 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [22/May/2026:22:17:30 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [22/May/2026:22:17:30 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [22/May/2026:22:17:30 +0200] "GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [22/May/2026:22:17:30 +0200] "GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404
...
show less
Brute-Force
Web App Attack
Anonymous
2026-05-07 13:17:12
(1 month ago)
172.71.232.13 - - [07/May/2026:15:17:11 +0200] "GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 ...
show more
172.71.232.13 - - [07/May/2026:15:17:11 +0200] "GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [07/May/2026:15:17:11 +0200] "GET /2018/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [07/May/2026:15:17:12 +0200] "GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [07/May/2026:15:17:12 +0200] "GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1" 404 186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.71.232.13 - - [07/May/2026:15:17:12 +0200] "GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 4
...
show less
Brute-Force
Web App Attack
π©πͺ
acadeova
2026-03-28 05:59:46
(3 months ago)
π¨ Recon detected (nft drop)
SRC=172.71.232.13
Observed=TCP dpt=80 in=enp0s6 ttl=58
Time=recent(journ ...
show more
π¨ Recon detected (nft drop)
SRC=172.71.232.13
Observed=TCP dpt=80 in=enp0s6 ttl=58
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
Anonymous
2026-03-27 05:50:10
(3 months ago)
Aggressive web scan
Web App Attack