๐ซ๐ท
Murazaki
2026-03-15 23:54:47
(3 months ago)
82.66.93.214 38.242.246.64 - - [15/Mar/2026:08:37:51 +0100] "GET /.env HTTP/1.1" 503 190 "-" "-" "-" ...
show more
82.66.93.214 38.242.246.64 - - [15/Mar/2026:08:37:51 +0100] "GET /.env HTTP/1.1" 503 190 "-" "-" "-"
...
show less
Hacking
๐ซ๐ท
Lino Project
2026-03-15 17:44:18
(3 months ago)
38.242.246.64 - - [15/Mar/2026:18:44:17 +0100] "GET /.env HTTP/1.1" 404 519 "-" "-"
38.242.246.64 - ...
show more
38.242.246.64 - - [15/Mar/2026:18:44:17 +0100] "GET /.env HTTP/1.1" 404 519 "-" "-"
38.242.246.64 - - [15/Mar/2026:18:44:17 +0100] "GET /.env.production HTTP/1.1" 404 410 "-" "-"
38.242.246.64 - - [15/Mar/2026:18:44:17 +0100] "GET /.env.save HTTP/1.1" 404 410 "-" "-"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
kkwemi
2026-03-15 16:33:57
(3 months ago)
Blocked by block-exploit-paths on /_profiler/phpinfo.php
Bad Web Bot
๐ฎ๐ช
RoboSOC
2026-03-15 16:00:22
(3 months ago)
phpunit Remote Code Execution Vulnerability, PTR: vmi2865558.contaboserver.net.
Hacking
๐ซ๐ฎ
misfit
2026-03-15 14:24:12
(3 months ago)
Web scan (5 x 404). Org: AS51167 Contabo GmbH, Lauterbourg, FR.
Brute-Force
Web App Attack
SSH
๐ซ๐ฎ
oh.mg
2026-03-15 13:30:32
(3 months ago)
[Sun Mar 15 14:30:31.382856 2026] [security2:error] [pid 684996:tid 685016] [client 38.242.246.64:58 ...
show more
[Sun Mar 15 14:30:31.382856 2026] [security2:error] [pid 684996:tid 685016] [client 38.242.246.64:58751] [client 38.242.246.64] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/_profiler/phpinfo.php"] [unique_id "aba0d6kjfyVcyyiwgMHNfwAAAJI"]
[Sun Mar 15 14:30:32.009029 2026] [security2:error] [pid 3985666:tid 3985675] [client 38.242.246.64:58938] [client 38.242.246.64] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10
...
show less
Web App Attack
Bad Web Bot
๐ซ๐ท
dynamix
2026-03-15 12:49:25
(3 months ago)
Multiple WAF Violations
Web App Attack
๐จ๐ฟ
rawnullbyte
2026-03-15 09:16:55
(3 months ago)
๐จ Honeypot triggered! ๐ฅ๏ธ System: NPot ๐ฏ Target: Unknown ๐ฃ๏ธ Path: /_profiler/phpinfo.php ๐ค Attacker I ...
show more
๐จ Honeypot triggered! ๐ฅ๏ธ System: NPot ๐ฏ Target: Unknown ๐ฃ๏ธ Path: /_profiler/phpinfo.php ๐ค Attacker IP: 38.242.246.64 โฐ Time: 2026-03-15 09:16:55 ๐ก User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
show less
Web App Attack
๐ธ๐ช
nekopavel
2026-03-15 08:24:15
(3 months ago)
38.242.246.64 - - [15/Mar/2026:09:24:11 +0100]"GET /.env HTTP/1.1" 404 1456"-" 78.69.8.25 "-""0.000" ...
show more
38.242.246.64 - - [15/Mar/2026:09:24:11 +0100]"GET /.env HTTP/1.1" 404 1456"-" 78.69.8.25 "-""0.000" "-""Lauterbourg" "FR"
38.242.246.64 - - [15/Mar/2026:09:24:11 +0100]"GET /config/.env HTTP/1.1" 404 1456"-" 78.69.8.25 "-""0.000" "-""Lauterbourg" "FR"
38.242.246.64 - - [15/Mar/2026:09:24:12 +0100]"GET /.env.production HTTP/1.1" 404 1456"-" 78.69.8.25 "-""0.000" "-""Lauterbourg" "FR"
...
show less
Hacking
Bad Web Bot
Web App Attack
Anonymous
2026-03-15 08:11:51
(3 months ago)
Fail2Ban Log Report 38.242.246.64 - - [15/Mar/2026:09:11:39 +0100] "GET /.env HTTP/1.1" 403 146 "-" ...
show more
Fail2Ban Log Report 38.242.246.64 - - [15/Mar/2026:09:11:39 +0100] "GET /.env HTTP/1.1" 403 146 "-" "-" "-"
38.242.246.64 - [15/Mar/2026:09:11:39 +0100] "GET /.env HTTP/1.1" 403 146 "-" "-" "-" "-"
38.242.246.64 - - [15/Mar/2026:09:11:49 +0100] "GET /config/.env HTTP/1.1" 403 146 "-" "-" "-"
38.242.246.64 - [15/Mar/2026:09:11:49 +0100] "GET /config/.env HTTP/1.1" 403 146 "-" "-" "-" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ฉ๐ช
enjoyably
2026-03-15 08:04:11
(3 months ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐จ๐ญ
GAS
2026-03-15 08:00:59
(3 months ago)
Direct IP access.
38.242.246.64 - - [15/Mar/2026:09:00:56 +0100] "GET / HTTP/1.1" 402 4547 "-" "Mozi ...
show more
Direct IP access.
38.242.246.64 - - [15/Mar/2026:09:00:56 +0100] "GET / HTTP/1.1" 402 4547 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0" "REDACTED" ""
38.242.246.64 - - [15/Mar/2026:09:00:57 +0100] "GET /_profiler/phpinfo.php HTTP/1.1" 402 3192 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0" "REDACTED" ""
...
show less
Port Scan
Web App Attack
๐ฎ๐น
mediarama.com
2026-03-15 07:25:42
(3 months ago)
Banned by Fail2Ban
Web App Attack
๐ฌ๐ง
essinghigh
2026-03-15 07:14:41
(3 months ago)
IPS Detection: 38.242.246.64 -> DPT: 80
Port Scan
๐ซ๐ท
900cm
2026-03-15 06:41:07
(3 months ago)
[Sun Mar 15 07:41:06.132248 2026] [php7:error] [pid 579996:tid 579996] [client 38.242.246.64:62436] ...
show more
[Sun Mar 15 07:41:06.132248 2026] [php7:error] [pid 579996:tid 579996] [client 38.242.246.64:62436] script '/var/www/darkintruder/php_info.php' not found or unable to stat
[Sun Mar 15 07:41:06.674429 2026] [php7:error] [pid 238621:tid 238621] [client 38.242.246.64:62576] script '/var/www/darkintruder/phpinfo.php' not found or unable to stat
[Sun Mar 15 07:41:07.215783 2026] [php7:error] [pid 248014:tid 248014] [client 38.242.246.64:62703] script '/var/www/darkintruder/info.php' not found or unable to stat
...
show less
Port Scan
Brute-Force
SSH