๐ฉ๐ช
LRob
2026-07-17 16:41:17
(2 hours ago)
CrowdSec: crowdsecurity/http-probing | req: /.env.bak | 11 distinct paths | UA: Mozilla/5.0 (Windows ...
show more
CrowdSec: crowdsecurity/http-probing | req: /.env.bak | 11 distinct paths | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love;
show less
Port Scan
Web App Attack
๐ฎ๐น
CoreTech srl
2026-07-17 16:09:52
(3 hours ago)
cloudlinux2 fail2ban: 2026-07-17 18:03:47,516 fail2ban.filter [1598]: INFO [plesk-modsecu ...
show more
cloudlinux2 fail2ban: 2026-07-17 18:03:47,516 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 151.245.90.29 - 2026-07-17 18:03:47cloudlinux2 fail2ban: 2026-07-17 18:04:34,029 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 43.161.249.129 - 2026-07-17 18:04:34cloudlinux2 fail2ban: 2026-07-17 18:04:54,696 fail2ban.filter [1598]: INFO [recidive] Found 43.161.249.129 - 2026-07-17 18:04:54cloudlinux2 fail2ban: 2026-07-17 18:04:54,102 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 43.161.249.129 - 2026-07-17 18:04:54cloudlinux2 fail2ban: 2026-07-17 18:04:54,500 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 43.161.249.129 - 2026-07-17 18:04:54cloudlinux2 fail2ban: 2026-07-17 18:04:54,694 fail2ban.actions [1598]: NOTICE [plesk-modsecurity] Ban 43.161.249.129cloudlinux2 fail2ban: 2026-07-17 18:05:04,376 fail2ban.filter [1598]: INFO [plesk-wordpress] Found 98.159.37.99 - 2026-07-17 18:05:04cloudlinux2 fail2ban: 2026
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:35:51
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:35:43.354416 2026] [security2:error] [pid 5716:tid 5716] [client 43.161.249.129:38978] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.erp.cgautomatizacion.com"] [uri "/.env"] [unique_id "alohnwtZe96hPuQtMPPUhQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:16:11
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:16:07.004215 2026] [security2:error] [pid 716656:tid 716656] [client 43.161.249.129:56048] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.title28.itaxcenter.com"] [uri "/.env.development"] [unique_id "aloO9yQCAR07yne36odh7wAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 09:51:27
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:51:19.293585 2026] [security2:error] [pid 32249:tid 32249] [client 43.161.249.129:49352] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ellavandeven.com"] [uri "/.env.development"] [unique_id "aln7F_TyuF4YUk9728oMCgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
sid3windr
2026-07-17 09:38:48
(9 hours ago)
GET /config/secrets.yml (Tarpitted for 4m20s, wasted 15.35kB)
Web App Attack
๐ซ๐ท
breubit
2026-07-17 09:05:09
(10 hours ago)
43.161.249.129 - - [17/Jul/2026:11:05:09 +0200] "GET /wp-config.php.old HTTP/1.1" 404 15428 "-" "Moz ...
show more
43.161.249.129 - - [17/Jul/2026:11:05:09 +0200] "GET /wp-config.php.old HTTP/1.1" 404 15428 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:19:03
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:18:58.634186 2026] [security2:error] [pid 436710:tid 436710] [client 43.161.249.129:54884] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kaplankrew.com"] [uri "/.env.staging"] [unique_id "alnlchruoB8uwXa9xE5E4QAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 08:09:25
(11 hours ago)
(caddyscan) Scanner path probe from 43.161.249.129 (HK/Hong Kong/-): 5 in the last 3600 secs; Ports: ...
show more
(caddyscan) Scanner path probe from 43.161.249.129 (HK/Hong Kong/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 43.161.249.129 - - [17/Jul/2026:08:09:18 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 43.161.249.129 - - [17/Jul/2026:08:09:18 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 43.161.249.129 - - [17/Jul/2026:08:09:20 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 43.161.249.129 - - [17/Jul/2026:08:09:20 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 43.161.249.129 - - [17/Jul/2026:08:09:20 +0000] "GET /.env.dev HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-17 08:03:16
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:03:11.047523 2026] [security2:error] [pid 18016:tid 18016] [client 43.161.249.129:45470] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sigiweb.sigi.biz"] [uri "/.env.production"] [unique_id "alnhv0Qrym4OHtgq3JyrngAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:41:51
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:41:47.040817 2026] [security2:error] [pid 26759:tid 26759] [client 43.161.249.129:39128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cressyvideo.com"] [uri "/.env.old"] [unique_id "alncu-HUuwkCjGdMLXRSaQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:10:21
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:10:13.591003 2026] [security2:error] [pid 4771:tid 4771] [client 43.161.249.129:60790] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "summitartists.com"] [uri "/.env.dev"] [unique_id "alnVVXHv-1y6DbK0e5VlBAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
djboddington
2026-07-17 07:06:19
(12 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 06:49:55
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 43.161.249.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:49:50.380081 2026] [security2:error] [pid 320851:tid 320851] [client 43.161.249.129:60942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nivotrol.innovacionesnimba.com"] [uri "/.env.backup"] [unique_id "alnQjosBEP-wRlgQtJS-SQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-17 04:05:06
(15 hours ago)
Excessive multi-domain requests
Brute-Force