๐บ๐ธ
TPI-Abuse
2026-07-04 03:36:29
(42 minutes ago)
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 23:36:15.363485 2026] [security2:error] [pid 2553:tid 2553] [client 185.132.54.127:60272] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.22"] [uri "/.env"] [unique_id "akh_r-1Me1kaMeRGroKtXgAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 02:52:33
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 22:52:18.517903 2026] [security2:error] [pid 19110:tid 19123] [client 185.132.54.127:43090] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.123"] [uri "/.env"] [unique_id "akh1YuPmW4QJUGRTQX_6CQAAAEo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
masterguru
2026-07-04 01:19:14
(2 hours ago)
Host header is a numeric IP address. Pattern match "^ (920350-205)
Hacking
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-04 00:46:44
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 20:46:27.096877 2026] [security2:error] [pid 30452:tid 30452] [client 185.132.54.127:60664] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.163"] [uri "/.env"] [unique_id "akhX47QQt8697nANSqKB9wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
dyln
2026-07-04 00:20:28
(3 hours ago)
Dyls honeypot brute-force: proto8 (1 total hits)
Brute-Force
๐ซ๐ท
vtchost.com
2026-07-03 11:02:57
(17 hours ago)
Jul 3 13:02:57 vtchost kernel: [13347.308128] PORTSCAN: IN=eth0 OUT= MAC=00:50:56:41:75:31:c0:69:11 ...
show more
Jul 3 13:02:57 vtchost kernel: [13347.308128] PORTSCAN: IN=eth0 OUT= MAC=00:50:56:41:75:31:c0:69:11:cd:47:2d:08:00 SRC=185.132.54.127 DST=161.97.181.152 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=37226 DF PROTO=TCP SPT=52290 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
...
show less
Port Scan
Anonymous
2026-07-03 10:30:04
(17 hours ago)
| Suspicious URL access.
Web App Attack
Hacking
SQL Injection
๐ฌ๐ง
Smish
2026-07-03 10:07:53
(18 hours ago)
HONEYPOT HIT --> Fail2ban time=1783073272 log=2026-07-03T11:07:52+01:00 ip=185.132.54.127 host=89.39 ...
show more
HONEYPOT HIT --> Fail2ban time=1783073272 log=2026-07-03T11:07:52+01:00 ip=185.132.54.127 host=89.39.211.6 method=GET uri="/.env" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" ref="-" rid=76447fc1c58559b989d4c7f6ae27eb70
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 09:48:21
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 05:48:06.476138 2026] [security2:error] [pid 30291:tid 30291] [client 185.132.54.127:56266] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.209"] [uri "/.env"] [unique_id "akeFVpswBtVh3F_NuxIx7QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Duggy_Tuxy๐งฑ
2026-07-03 09:18:31
(19 hours ago)
[DS-BLKS-PROD01] Blocked by SysWarden Firewall (Web Attack)
Web App Attack
Port Scan
Hacking
๐ซ๐ท
Coco Bongo
2026-07-03 09:09:01
(19 hours ago)
185.132.54.127 [redacted] (149440-Evoxt Enterprise United States Los Angeles) - - [03/Jul/2026:11:08 ...
show more
185.132.54.127 [redacted] (149440-Evoxt Enterprise United States Los Angeles) - - [03/Jul/2026:11:08:46 +0200] "GET /.env HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) App
...
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
Catalin Negru
2026-07-03 04:55:05
(23 hours ago)
2026-07-03 07:55:03,818 fail2ban.actions [2945670]: NOTICE [laravel-auth] Ban 185.132.54.127 ...
show more
2026-07-03 07:55:03,818 fail2ban.actions [2945670]: NOTICE [laravel-auth] Ban 185.132.54.127
2026-07-03 07:55:03,818 fail2ban.actions [2945670]: NOTICE [apache-scan] Ban 185.132.54.127
2026-07-03 07:55:03,835 fail2ban.actions [2945670]: NOTICE [apache-dirscan] Ban 185.132.54.127
2026-07-03 07:55:03,836 fail2ban.actions [2945670]: NOTICE [apache-404] Ban 185.132.54.127
2026-07-03 07:55:03,903 fail2ban.actions [2945670]: NOTICE [laravel-env] Ban 185.132.54.127
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 04:04:01
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 185.132.54.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 00:03:46.640121 2026] [security2:error] [pid 22412:tid 22412] [client 185.132.54.127:60776] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.245"] [uri "/.env"] [unique_id "akc0oixWP1WlrmoSlw2iSwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-03 02:24:46
(1 day ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
LMAS
2026-07-02 22:32:42
(1 day ago)
Automated credential scan detected. Requested sensitive file: /.env โ Honeypot triggered.
Brute-Force
Web App Attack