๐ฉ๐ช
ecs.ge
2026-07-17 17:54:13
(1 day ago)
Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.
Web App Attack
Hacking
๐ฒ๐พ
Rizzy
2026-07-17 17:52:45
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-17 17:49:21
(1 day ago)
Excessive multi-domain requests
Brute-Force
Anonymous
2026-07-17 17:40:55
(1 day ago)
(mod_security) mod_security triggered on hostname [redacted] 35.180.71.222 (FR/France/ec2-35-180-71- ...
show more
(mod_security) mod_security triggered on hostname [redacted] 35.180.71.222 (FR/France/ec2-35-180-71-222.eu-west-3.compute.amazonaws.com)
show less
SQL Injection
Anonymous
2026-07-17 17:37:12
(1 day ago)
Bot / seems abusive / Apache connections: 37
DDoS Attack
Web Spam
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-17 17:33:23
(1 day ago)
20 attempts against mh-misbehave-ban on ozone
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 17:01:07
(1 day ago)
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gra ...
show more
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings HTTP/1.1" 404 5027 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.bak HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.old HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.txt HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.json HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.yaml HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.yml HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.ini HTTP/1.1" 403 512 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:19:01:04 +0200] "GET /.aws/credentials.xml HTTP/1.
...
show less
DDoS Attack
Anonymous
2026-07-17 16:55:13
(1 day ago)
(caddyscan) Scanner path probe from 35.180.71.222 (FR/France/ec2-35-180-71-222.eu-west-3.compute.ama ...
show more
(caddyscan) Scanner path probe from 35.180.71.222 (FR/France/ec2-35-180-71-222.eu-west-3.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 35.180.71.222 - - [17/Jul/2026:16:55:09 +0000] "GET /.aws/credentials.bak HTTP/1.1"
[REDACTED] 200 2627 35.180.71.222 - - [17/Jul/2026:16:55:09 +0000] "GET /.aws/credentials.old HTTP/1.1"
[REDACTED] 200 2627 35.180.71.222 - - [17/Jul/2026:16:55:09 +0000] "GET /.aws/credentials.txt HTTP/1.1"
[REDACTED] 200 2627 35.180.71.222 - - [17/Jul/2026:16:55:09 +0000] "GET /.aws/credentials.json HTTP/1.1"
[REDACTED] 200 2627 35.180.71.222 - - [17/Jul/2026:16:55:09 +0000] "GET /.aws/credentials.yaml HTTP/1.1"
show less
Port Scan
๐ฉ๐ช
Serpentex
2026-07-17 16:54:11
(1 day ago)
35.180.71.222 - - [17/Jul/2026:18:54:10 +0200] "GET /.aws/config%00 HTTP/1.1" 400 150 "-" "-"
35.180 ...
show more
35.180.71.222 - - [17/Jul/2026:18:54:10 +0200] "GET /.aws/config%00 HTTP/1.1" 400 150 "-" "-"
35.180.71.222 - - [17/Jul/2026:18:54:10 +0200] "GET /.aws/config%00.css HTTP/1.1" 400 150 "-" "-"
35.180.71.222 - - [17/Jul/2026:18:54:10 +0200] "GET /.aws/config%00.html HTTP/1.1" 400 150 "-" "-"
...
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
mail.avx.gr
2026-07-17 16:24:43
(1 day ago)
Plesk Fail2Ban jail: Plesk-Web-Exploits. Evidence: 35.180.71.222 - - [17/Jul/2026:19:24:42 +0300] "G ...
show more
Plesk Fail2Ban jail: Plesk-Web-Exploits. Evidence: 35.180.71.222 - - [17/Jul/2026:19:24:42 +0300] "GET /.aws/credentials.bak HTTP/1.1" 403 6268 "-" "curl/8.7.1"
show less
Web App Attack
๐ฉ๐ฐ
cybertailor
2026-07-17 16:18:32
(1 day ago)
35.180.71.222 - - [17/Jul/2026:21:18:28 +0500] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gra ...
show more
35.180.71.222 - - [17/Jul/2026:21:18:28 +0500] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings HTTP/1.1" 404 146 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:21:18:28 +0500] "GET /.aws/credentials.bak HTTP/1.1" 404 146 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:21:18:29 +0500] "GET /.aws/credentials.old HTTP/1.1" 404 146 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:21:18:29 +0500] "GET /.aws/credentials.txt HTTP/1.1" 404 146 "-" "curl/8.7.1"
35.180.71.222 - - [17/Jul/2026:21:18:29 +0500] "GET /.aws/credentials.json HTTP/1.1" 404 146 "-" "curl/8.7.1"
...
show less
Port Scan
๐ฌ๐ง
consul.to
2026-07-17 16:00:17
(1 day ago)
Web attack/malicious scanning detected
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-07-17 15:56:16
(1 day ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐ฎ๐ฉ
soc-yk
2026-07-17 15:42:10
(1 day ago)
Type: web_scanning
Risk: 100
Events: 653
Evidence:
- Automated hostile web probing detected
- Repea ...
show more
Type: web_scanning
Risk: 100
Events: 653
Evidence:
- Automated hostile web probing detected
- Repeated web scanning activity observed
- Multi-event operational persistence identified
show less
Web App Attack
๐ฉ๐ช
hchristo
2026-07-17 15:32:53
(1 day ago)
[Fri Jul 17 17:32:48.658907 2026] [access_compat:error] [pid 60503:tid 60534] [remote 35.180.71.222: ...
show more
[Fri Jul 17 17:32:48.658907 2026] [access_compat:error] [pid 60503:tid 60534] [remote 35.180.71.222:15334] AH01797: client denied by server configuration: /var/www/hchristo/htdocs/quick-space.de/support.quick-space.de/aws-credentials.yml
[Fri Jul 17 17:32:50.777280 2026] [access_compat:error] [pid 60503:tid 60531] [remote 35.180.71.222:15334] AH01797: client denied by server configuration: /var/www/hchristo/htdocs/quick-space.de/support.quick-space.de/s3cfg.ini
[Fri Jul 17 17:32:51.196318 2026] [access_compat:error] [pid 60503:tid 60547] [remote 35.180.71.222:15334] AH01797: client denied by server configuration: /var/www/hchristo/htdocs/quick-space.de/support.quick-space.de/s3.yml
[Fri Jul 17 17:32:53.287557 2026] [access_compat:error] [pid 60503:tid 60533] [remote 35.180.71.222:15334] AH01797: client denied by server configuration: /var/www/hchristo/htdocs/quick-space.de/support.quick-space.de/serverless.yml
[Fri Jul 17 17:32:53.450721 2026] [access_compat:error] [pid 60503:tid 60515
...
show less
Brute-Force