๐บ๐ธ
infra-monitor
2025-09-09 02:45:11
(10 months ago)
Automated ban via infra-monitor: crowdsecurity/http-sensitive-files
Web App Attack
๐น๐ท
rtbh.com.tr
2025-09-08 20:08:41
(10 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
๐ท๐บ
andrey volobuev
2025-09-08 07:25:21
(10 months ago)
[08/Sep/2025:10:25:16 +0300] - - 301 - GET http ha.bebesh.ru "/" [Client 18.139.229.107] [Length 166 ...
show more
[08/Sep/2025:10:25:16 +0300] - - 301 - GET http ha.bebesh.ru "/" [Client 18.139.229.107] [Length 166] [Gzip -] [Sent-to 192.168.1.128] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) Gecko/20040503 Firefox/12.0" "https://www.google.com/"
[08/Sep/2025:10:25:17 +0300] - - 301 - GET http ha.bebesh.ru "/.env" [Client 18.139.229.107] [Length 166] [Gzip -] [Sent-to 192.168.1.128] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) Gecko/20040503 Firefox/12.0" "https://www.google.com/"
[08/Sep/2025:10:25:18 +0300] - 404 404 - GET https ha.bebesh.ru "/.env" [Client 18.139.229.107] [Length 14] [Gzip -] [Sent-to 192.168.1.128] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) Gecko/20040503 Firefox/12.0" "https://www.google.com/"
[08/Sep/2025:10:25:18 +0300] - - 301 - GET http ha.bebesh.ru "/.remote" [Client 18.139.229.107] [Length 166] [Gzip -] [Sent-to 192.168.1.128] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) Gecko/20040503 Firefox/12.0" "https://www.google.com/"
[08/Sep/2025:10:25:18 +0300] -
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
updown.io
2025-09-08 02:33:35
(10 months ago)
{"level":"info","ts":1757298396.892191,"logger":"http.log.access.log1","msg":"handled request","requ ...
show more
{"level":"info","ts":1757298396.892191,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"18.139.229.107","remote_port":"50114","client_ip":"18.139.229.107","proto":"HTTP/1.1","method":"GET","host":"status.arbiter.app","uri":"/","headers":{"Connection":["keep-alive"],"Referer":["https://www.google.com/"],"Accept-Language":["en-US,en;q=0.9"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_2) AppleWebKit/536.30 (KHTML, like Gecko) Version/4.0.6 Safari/535.13"],"Accept-Encoding":["gzip, deflate, br"],"Accept":["*/*"]}},"bytes_read":0,"user_id":"","duration":0.00004358,"size":0,"status":308,"resp_headers":{"Location":["https://status.arbiter.app/"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}}
{"level":"info","ts":1757298398.4767153,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"18.139.229.107","remote_port":"50212","client_ip":"18.139.229.107","proto":"HTTP/1.1","method":"GET","host":"status.arbiter.a
...
show less
DDoS Attack
Web App Attack
๐ณ๐ฑ
Savvii
2025-09-07 22:08:08
(10 months ago)
20 attempts against mh-misbehave-ban on pea
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2025-09-07 21:51:07
(10 months ago)
20 attempts against mh_ha-misbehave-ban on mist
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ท
rtbh.com.tr
2025-09-07 20:08:40
(10 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
๐ซ๐ท
dynamix
2025-09-07 20:00:56
(10 months ago)
Multiple WAF Violations
Web App Attack
๐จ๐ฟ
ddw
2025-09-07 15:04:17
(10 months ago)
ModSecurity detection - Rules: 930130(Restricted File Access Attempt)
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-07 07:33:48
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 07 03:33:44.428313 2025] [security2:error] [pid 25316:tid 25316] [client 18.139.229.107:56938] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "effectivefirearms.com"] [uri "/.env"] [unique_id "aL01WJvJZAhB9fGI0wrEiAAAAAc"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2025-09-07 04:36:40
(10 months ago)
18.139.229.107 - - [07/Sep/2025:07:36:34 +0300] "GET /.env HTTP/1.1" 404 274 "https://www.google.com ...
show more
18.139.229.107 - - [07/Sep/2025:07:36:34 +0300] "GET /.env HTTP/1.1" 404 274 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1338.45 Safari/535.25"
18.139.229.107 - - [07/Sep/2025:07:36:39 +0300] "GET //vendor/.env HTTP/1.1" 404 196 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1338.45 Safari/535.25"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-07 02:13:12
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 22:13:05.607831 2025] [security2:error] [pid 30341:tid 30341] [client 18.139.229.107:39016] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kugbe.com"] [uri "/.env"] [unique_id "aLzqMQVJEeEU2F1NtqK-RQAAAA0"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2025-09-07 01:14:05
(10 months ago)
Excessive multi-domain requests
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-09-07 01:13:38
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 21:13:32.109575 2025] [security2:error] [pid 2139:tid 2139] [client 18.139.229.107:47554] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kuddlkat.com"] [uri "/.env"] [unique_id "aLzcPOjqWTFP7qPs4ymMkAAAAAc"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-06 23:25:35
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.139.229.107 (ec2-18-139-229-107.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 19:25:30.029238 2025] [security2:error] [pid 11192:tid 11192] [client 18.139.229.107:39806] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ktnwassociatesinc.com"] [uri "/.env"] [unique_id "aLzC6p-acRkB0XftHF4mTQAAABM"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack