๐ซ๐ท
guillaume illien
2026-07-06 02:03:42
(1 hour ago)
52.53.236.252 - - [06/Jul/2026:02:03:39 +0000] "GET /.env.production?v=iVXpP&_=Vgqlv7kb HTTP/1.1" 30 ...
show more
52.53.236.252 - - [06/Jul/2026:02:03:39 +0000] "GET /.env.production?v=iVXpP&_=Vgqlv7kb HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15"
52.53.236.252 - - [06/Jul/2026:02:03:39 +0000] "GET /.env.production.local?v=NRH2x&_=pUVw6KFx HTTP/1.1" 301 178 "https://bing.com/search" "Mozilla/5.0 (Linux; Android 14; SM-S928B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36"
52.53.236.252 - - [06/Jul/2026:02:03:40 +0000] "GET /.env.profile?v=Mu0vc&_=eSroAnCQ HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.53.236.252 - - [06/Jul/2026:02:03:41 +0000] "GET /.env.prometheus?v=BMByb&_=uWOo3hiL HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0
...
show less
Hacking
Brute-Force
Web App Attack
SSH
๐บ๐ธ
kosada.com
2026-07-06 01:52:04
(1 hour ago)
Web vulnerability probing: /nonexistent-163394427.php (bogus vhost/SNI)
Web App Attack
๐ซ๐ท
guillaume illien
2026-07-06 01:41:27
(1 hour ago)
52.53.236.252 - - [06/Jul/2026:01:41:26 +0000] "GET //aws/.env.local?_=TeSGahor HTTP/1.1" 301 178 "h ...
show more
52.53.236.252 - - [06/Jul/2026:01:41:26 +0000] "GET //aws/.env.local?_=TeSGahor HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
52.53.236.252 - - [06/Jul/2026:01:41:26 +0000] "GET //aws.yaml?_=k6pXmAFD HTTP/1.1" 301 178 "https://duckduckgo.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
52.53.236.252 - - [06/Jul/2026:01:41:26 +0000] "GET //aws.yml?_=gLhLkLJY HTTP/1.1" 301 178 "https://bing.com/search" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15"
52.53.236.252 - - [06/Jul/2026:01:41:26 +0000] "GET //aws.js?_=8iUDtr6A HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.53.236.252 - - [06/Jul/2026:01:41:26 +0000]
...
show less
Hacking
Brute-Force
Web App Attack
SSH
๐ซ๐ท
guillaume illien
2026-07-06 01:21:00
(2 hours ago)
52.53.236.252 - - [06/Jul/2026:01:20:59 +0000] "GET //actuator/configprops?_=vOrrYGx0 HTTP/1.1" 301 ...
show more
52.53.236.252 - - [06/Jul/2026:01:20:59 +0000] "GET //actuator/configprops?_=vOrrYGx0 HTTP/1.1" 301 178 "https://duckduckgo.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15"
52.53.236.252 - - [06/Jul/2026:01:20:59 +0000] "GET //actuator/features?_=IGmNo9sh HTTP/1.1" 301 178 "https://duckduckgo.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15"
52.53.236.252 - - [06/Jul/2026:01:20:59 +0000] "GET //actuator/beans?_=pzkSXJGD HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
52.53.236.252 - - [06/Jul/2026:01:21:00 +0000] "GET //actions/.env?_=3CX7YOij HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"
52.53.236.252 - - [06/Jul/2026:01:21:00
...
show less
Hacking
Brute-Force
Web App Attack
SSH
๐ซ๐ท
guillaume illien
2026-07-06 00:57:41
(2 hours ago)
52.53.236.252 - - [06/Jul/2026:00:47:24 +0000] "GET //.env.linode?_=o7LAr8ht HTTP/1.1" 301 178 "http ...
show more
52.53.236.252 - - [06/Jul/2026:00:47:24 +0000] "GET //.env.linode?_=o7LAr8ht HTTP/1.1" 301 178 "https://bing.com/search" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.53.236.252 - - [06/Jul/2026:00:47:24 +0000] "GET //.env.llm?_=gbuKamjh HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.53.236.252 - - [06/Jul/2026:00:57:40 +0000] "GET //.env.xml?_=gVEvrrGA HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Linux; Android 14; SM-S928B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/24.0 Chrome/117.0.0.0 Mobile Safari/537.36"
52.53.236.252 - - [06/Jul/2026:00:57:40 +0000] "GET //.env.yaml?_=PxiZWbW6 HTTP/1.1" 301 178 "https://bing.com/search" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.82 M
...
show less
Hacking
Brute-Force
Web App Attack
SSH
๐ซ๐ท
LRob
2026-07-06 00:34:18
(2 hours ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: ["/%2eenv.bak?v=DGuIL\u0026_=VU1QdPfD","/%2F.env ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: ["/%2eenv.bak?v=DGuIL\u0026_=VU1QdPfD","/%2F.env?v=s26si\u0026_=34bDm83K","//.backup.sql?_=cyPOzXon","//%2F.env?_=Uxdh7wvB","//%2eenv.bak?_=Z1h2og4A"] | UA: ["Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.82 Mobile Safari/537.36","Mozilla/5.0 (Windows
show less
Hacking
๐ซ๐ท
guillaume illien
2026-07-06 00:34:08
(2 hours ago)
52.53.236.252 - - [06/Jul/2026:00:34:04 +0000] "GET /?_=JzIn9tgj HTTP/1.1" 301 178 "https://www.goog ...
show more
52.53.236.252 - - [06/Jul/2026:00:34:04 +0000] "GET /?_=JzIn9tgj HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
52.53.236.252 - - [06/Jul/2026:00:34:04 +0000] "GET /nonexistent-239236791.php?_=jkJg3pSZ HTTP/1.1" 301 178 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"
52.53.236.252 - - [06/Jul/2026:00:34:05 +0000] "GET /?_=TzVbTnMH HTTP/1.1" 301 178 "https://bing.com/search" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
52.53.236.252 - - [06/Jul/2026:00:34:05 +0000] "GET /.git/HEAD?_=rN3oTrPm HTTP/1.1" 301 178 "https://google.com/search?q=site:example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
52.53.236.252 - - [06/Jul/2026:00:34:0
...
show less
Hacking
Brute-Force
Web App Attack
SSH
Anonymous
2026-07-05 18:55:12
(8 hours ago)
Automated IP Abuse Submission report.
Categories: Brute Force / Web App Attack
Brute-Force
SSH
๐ณ๐ฟ
Antinson
2026-07-05 15:33:19
(11 hours ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐บ๐ธ
Operator873
2026-07-05 14:51:34
(12 hours ago)
2026/07/05 09:51:31 [error] 1115112#0: *1166884 access forbidden by rule, client: 52.53.236.252, ser ...
show more
2026/07/05 09:51:31 [error] 1115112#0: *1166884 access forbidden by rule, client: 52.53.236.252, server: [OBFUSCATED], request: "GET /?_=CbDZTfo5 HTTP/1.1", host: "45.19.251.225", referrer: "https://www.google.com/"
2026/07/05 09:51:31 [error] 1115112#0: *1166884 access forbidden by rule, client: 52.53.236.252, server: [OBFUSCATED], request: "GET /?_=CbDZTfo5 HTTP/1.1", host: "45.19.251.225", referrer: "https://www.google.com/"
2026/07/05 09:51:31 [error] 1115112#0: *1166882 access forbidden by rule, client: 52.53.236.252, server: [OBFUSCATED], request: "GET /nonexistent-539594413.php?_=F33s6mbf HTTP/1.1", host: "45.19.251.225", referrer: "https://duckduckgo.com/"
2026/07/05 09:51:31 [error] 1115112#0: *1166882 access forbidden by rule, client: 52.53.236.252, server: [OBFUSCATED], request: "GET /nonexistent-539594413.php?_=F33s6mbf HTTP/1.1", host: "45.19.251.225", referrer: "https://duckduckgo.com/"
2026/07/05 09:51:31 [error] 1115112#0: *1166882 access forbidden by rule,
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-05 14:19:40
(13 hours ago)
CrowdSec: lrob/default-vhost-scan | req: ["/%2eenv.local?v=Cwtcd\u0026_=5plM8S32","/%2F.env?v=SHrAi\ ...
show more
CrowdSec: lrob/default-vhost-scan | req: ["/%2eenv.local?v=Cwtcd\u0026_=5plM8S32","/%2F.env?v=SHrAi\u0026_=b4OrlidA","/%252eenv?v=dvgUZ\u0026_=D4W0frcL"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36","Mozilla/5.0 (Linux; Android 14; Pi
show less
Port Scan
Bad Web Bot
๐บ๐ธ
mnsf
2026-07-05 13:05:02
(14 hours ago)
Abuse Detected (56)
Brute-Force
Web App Attack
๐ฎ๐ช
AutosOnShow
2026-07-05 09:31:05
(17 hours ago)
blocked for webapp attack | path requested: / | seen at 2026-07-05 09:30:28.827 |
Web App Attack
๐ฎ๐ช
AutosOnShow
2026-07-05 09:10:06
(18 hours ago)
blocked for webapp attack | path requested: /codeigniter/application/config/ | seen at 2026-07-05 09 ...
show more
blocked for webapp attack | path requested: /codeigniter/application/config/ | seen at 2026-07-05 09:09:21.297 |
show less
Web App Attack
๐ฎ๐ช
AutosOnShow
2026-07-05 08:54:05
(18 hours ago)
blocked for webapp attack | path requested: /cgi/.env | seen at 2026-07-05 08:53:52.365 |
Web App Attack