๐ฉ๐ช
Melle
2026-07-02 09:02:15
(6 hours ago)
Blocked by CrowdSec | Scenario: crowdsecurity/http-wordpress-scan | 181.215.65.84 triggered 4 events ...
show more
Blocked by CrowdSec | Scenario: crowdsecurity/http-wordpress-scan | 181.215.65.84 triggered 4 events | Detected: 2026-07-02T09:02:11.059640148Z
show less
Web App Attack
Hacking
Anonymous
2026-06-26 18:00:35
(5 days ago)
Large-scale coordinated botnet (200+k IPs). Attacker: mikhail-smirnov-79830323 (LinkedIn/profile ID) ...
show more
Large-scale coordinated botnet (200+k IPs). Attacker: mikhail-smirnov-79830323 (LinkedIn/profile ID) employed by Angara Technologies Group (Explicitly identified himself as enemy a week before attack began) | Attack Signature Blocked: /brands/kramer/shopby/manufacturer-kramer-cisco-lsi-aruba_networks-haivision-barco-xyz.html?stock=1 | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 | (Magento Site)
show less
Hacking
Bad Web Bot
Anonymous
2026-06-25 22:56:02
(6 days ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2026-06-09 20:16:10
(3 weeks ago)
Attac
Brute-Force
๐ฆ๐บ
screwlooseit.com.au
2026-04-07 01:48:47
(2 months ago)
Blocked by CSF 13 firewall - Rule: WPLOGIN
US/United States/-
Web App Attack
๐ณ๐ฑ
Pornomens
2026-02-09 17:58:03
(4 months ago)
181.215.65.84 - - [09/Feb/2026:18:58:02 +0100] "POST /.env HTTP/1.1" 403 473 "-" "Mozilla/5.0 (Windo ...
show more
181.215.65.84 - - [09/Feb/2026:18:58:02 +0100] "POST /.env HTTP/1.1" 403 473 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
181.215.65.84 - - [09/Feb/2026:18:58:02 +0100] "GET /.env HTTP/1.1" 403 472 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
181.215.65.84 - - [09/Feb/2026:18:58:03 +0100] "GET /.env.save HTTP/1.1" 403 472 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-03 17:25:09
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 12:25:02.414271 2026] [security2:error] [pid 23095:tid 23095] [client 181.215.65.84:62737] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.177"] [uri "/.env"] [unique_id "aYIvbhI9FQd-TYdWPkPy0AAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-03 11:20:35
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 06:20:19.388128 2026] [security2:error] [pid 28140:tid 28140] [client 181.215.65.84:54473] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.215"] [uri "/sites/all/libraries/mailchimp/.env"] [unique_id "aYHZ88_1Nfuu21MimuLzVQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 22:45:21
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 17:45:05.548264 2026] [security2:error] [pid 17350:tid 17350] [client 181.215.65.84:43459] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.229"] [uri "/wp-content/.env"] [unique_id "aX_XcVQ0DXa6y-gWnVpWYAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 19:20:35
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 14:20:23.188714 2026] [security2:error] [pid 29105:tid 29105] [client 181.215.65.84:43365] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.68"] [uri "/local/.env"] [unique_id "aX-nd1FcCZscE3Tf_jUOYgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 15:33:07
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 10:32:42.939615 2026] [security2:error] [pid 2570:tid 2570] [client 181.215.65.84:21507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.59"] [uri "/base/.env"] [unique_id "aX9yGtVqQCKUHvshemkDYAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 14:18:19
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 09:18:09.233534 2026] [security2:error] [pid 25531:tid 25531] [client 181.215.65.84:32097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.197"] [uri "/wp-content/.env"] [unique_id "aX9goV4RCqkVWmsfaGn0vwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-01 12:48:04
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 181.215.65.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 07:47:50.546518 2026] [security2:error] [pid 10525:tid 10525] [client 181.215.65.84:51657] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.153"] [uri "/storage/.env"] [unique_id "aX9LdpKaJv-YLg6eQbAohgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
iNetWorker
2026-01-31 13:48:39
(5 months ago)
trolling for resource vulnerabilities
Web App Attack
๐ฉ๐ช
ps-center
2026-01-30 23:13:01
(5 months ago)
HHV: Web Attack GET /admin/.env
Web Spam
Hacking
Bad Web Bot
Web App Attack