๐จ๐ฟ
ddw
2026-07-17 07:45:01
(1 hour ago)
Access Violation Attempts - Multiple 403 Forbidden responses.
Hacking
Bad Web Bot
Web App Attack
๐ฌ๐ท
setupgr
2026-07-17 07:38:36
(1 hour ago)
(mod_security) mod_security (id:1000001) triggered by 4.194.217.15 (SG/Singapore/-/Singapore/-/[AS80 ...
show more
(mod_security) mod_security (id:1000001) triggered by 4.194.217.15 (SG/Singapore/-/Singapore/-/[AS8075 MICROSOFT-CORP-MSN-AS-BLOCK]): 1 in the last 86400 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Fri Jul 17 10:38:33.755747 2026] [security2:error] [pid 499248:tid 499384] [client 4.194.217.15:3713] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.dj/index.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "103"] [id "1000001"] [msg "Bad file blocked: /.dj/index.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.babis.photo"] [uri "/.dj/index.php"] [unique_id "alnb-catL5U51SlaimcmpAAABMc"]
show less
Port Scan
๐ฉ๐ช
macrob
2026-07-17 07:26:06
(1 hour ago)
2026/07/17 07:26:04 [error] 4078987#4078987: *383120557 access forbidden by rule, client: 4.194.217. ...
show more
2026/07/17 07:26:04 [error] 4078987#4078987: *383120557 access forbidden by rule, client: 4.194.217.15, server: infinsa.com, request: "GET /.dj/index.php HTTP/2.0", host: "infinsa.com"
2026/07/17 07:26:04 [error] 4078987#4078987: *383120566 access forbidden by rule, client: 4.194.217.15, server: infinsa.com, request: "GET /.tmb/ HTTP/2.0", host: "infinsa.com"
2026/07/17 07:26:04 [error] 4078987#4078987: *383120572 access forbidden by rule, client: 4.194.217.15, server: infinsa.com, request: "GET /.trash7206/index.php HTTP/2.0", host: "infinsa.com"
...
show less
Web App Attack
๐บ๐ธ
WizardsToolkit
2026-07-17 07:11:34
(1 hour ago)
attempted to access /404.php
Web App Attack
๐ซ๐ท
largo-it.net
2026-07-17 06:52:08
(2 hours ago)
Jul 17 08:52:06 vps-9f3cdc33 haproxy[1195832]: 4.194.217.15:2293 [17/Jul/2026:08:52:06.014] www_fron ...
show more
Jul 17 08:52:06 vps-9f3cdc33 haproxy[1195832]: 4.194.217.15:2293 [17/Jul/2026:08:52:06.014] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/66/76 404 3252 - - ---- 72/10/0/0/0 0/0 "GET /.dj/index.php HTTP/1.1"
Jul 17 08:52:06 vps-9f3cdc33 haproxy[1195832]: 4.194.217.15:2293 [17/Jul/2026:08:52:06.259] www_frontend~ finance_cluster/finance1_test1_https 0/0/12/45/57 404 3252 - - ---- 68/9/0/0/0 0/0 "GET /.tmb/ HTTP/1.1"
Jul 17 08:52:06 vps-9f3cdc33 haproxy[1195832]: 4.194.217.15:2293 [17/Jul/2026:08:52:06.481] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/139/149 404 3252 - - ---- 64/8/0/0/0 0/0 "GET /.trash7206/index.php HTTP/1.1"
Jul 17 08:52:06 vps-9f3cdc33 haproxy[1195832]: 4.194.217.15:2293 [17/Jul/2026:08:52:06.796] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/69/79 404 3252 - - ---- 60/7/0/0/0 0/0 "GET /.well-known/ HTTP/1.1"
Jul 17 08:52:07 vps-9f3cdc33 haproxy[1195832]: 4.194.217.15:2293 [17/Jul/2026:08:52:07.040] www_frontend~ finance_cluster/f
...
show less
Hacking
Bad Web Bot
Web App Attack
๐ต๐ฑ
miriks
2026-07-17 06:28:43
(2 hours ago)
Automated scan detected: GET /.well-known/ โ UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebK ...
show more
Automated scan detected: GET /.well-known/ โ UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
show less
Port Scan
Web App Attack
๐ซ๐ท
lindi
2026-07-17 06:01:56
(2 hours ago)
Probing for resource vulnerabilities
...
Web Spam
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
๐ฉ๐ช
webanyone
2026-07-17 06:00:50
(2 hours ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐ฎ๐ณ
evicky2002
2026-07-17 06:00:00
(2 hours ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ซ๐ท
AGEPCom
2026-07-17 05:34:47
(3 hours ago)
Smart-Ban: IP bannie via score AbuseIPDB
Brute-Force
Web App Attack
Anonymous
2026-07-17 05:32:10
(3 hours ago)
Automated Report: Fail2Ban block triggered by nginx-botsearch jail.
Brute-Force
SSH
๐ซ๐ฎ
Christopher Hughes
2026-07-17 05:25:52
(3 hours ago)
[Fri Jul 17 06:25:51.575406 2026] [proxy_fcgi:error] [pid 1871608:tid 139826099623488] [client 4.194 ...
show more
[Fri Jul 17 06:25:51.575406 2026] [proxy_fcgi:error] [pid 1871608:tid 139826099623488] [client 4.194.217.15:3117] AH01071: Got error 'Primary script unknown'
[Fri Jul 17 06:25:51.767950 2026] [proxy_fcgi:error] [pid 1871608:tid 139824925234752] [client 4.194.217.15:3117] AH01071: Got error 'Primary script unknown'
[Fri Jul 17 06:25:51.966569 2026] [proxy_fcgi:error] [pid 1871608:tid 139824933627456] [client 4.194.217.15:3117] AH01071: Got error 'Primary script unknown'
[Fri Jul 17 06:25:52.157689 2026] [proxy_fcgi:error] [pid 1871608:tid 139826634544704] [client 4.194.217.15:3117] AH01071: Got error 'Primary script unknown'
[Fri Jul 17 06:25:52.349898 2026] [proxy_fcgi:error] [pid 1871608:tid 139826544240192] [client 4.194.217.15:3117] AH01071: Got error 'Primary script unknown'
...
show less
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-07-17 05:14:23
(3 hours ago)
286 attacks on PHP URLs:
GET /404.php HTTP/1.1
Web App Attack
๐ฆ๐บ
Klaverstyn
2026-07-17 05:10:39
(3 hours ago)
Excessive HTTP request rate
Web App Attack
Anonymous
2026-07-17 04:05:03
(4 hours ago)
Unknown PHP script access detected by Fail2Ban
Web App Attack