π¬π·
JCB
2026-06-18 13:24:00
(4 days ago)
52.91.90.13 - - [17/Jun/2026:19:43:00 +0300] "POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/ ...
show more
52.91.90.13 - - [17/Jun/2026:19:43:00 +0300] "POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36"
52.91.90.13 - - [17/Jun/2026:19:43:00 +0300] "GET /___proxy_subdomain_whm/login/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
...
show less
Web App Attack
Hacking
πΊπΈ
gu-alvareza
2026-06-18 07:05:17
(4 days ago)
Spring.Boot.Actuator.Unauthorized.Access
Brute-Force
πΊπΈ
mnsf
2026-06-18 01:11:07
(4 days ago)
Too many Status 50X (54)
Scanning/Probing (27)
Brute-Force
Web App Attack
π§πΎ
lns.bz
2026-06-18 00:01:20
(4 days ago)
.env scanning [BY]
Web App Attack
2026-06-17 21:34:46
(4 days ago)
"GET /.git/config HTTP/1.1"
Hacking
Web App Attack
π―π΅
HeliJP
2026-06-17 17:45:46
(4 days ago)
2026-06-17T16:57:01Z - Recognized attacks\bad behavior from IP address 52.91.90.13 on port 443\80 (5 ...
show more
2026-06-17T16:57:01Z - Recognized attacks\bad behavior from IP address 52.91.90.13 on port 443\80 (52 daily hits): client denied by server configuration
show less
Port Scan
Hacking
SQL Injection
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-17 17:37:52
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 52.91.90.13 (ec2-52-91-90-13.compute-1.amazonaw ...
show more
(mod_security) mod_security (id:210492) triggered by 52.91.90.13 (ec2-52-91-90-13.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 13:37:44.908008 2026] [security2:error] [pid 14721:tid 14721] [client 52.91.90.13:38222] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.168"] [uri "/.git/HEAD"] [unique_id "ajLbaCGk1pegYR5G6AlFfQAAAD8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
gadix
2026-06-17 17:36:39
(4 days ago)
[17/Jun/2026:19:36:38.073477 +0200] ajLbJjrfOtimKMS_N880wwAAAAA 52.91.90.13 44470 127.0.0.1 7080
[17 ...
show more
[17/Jun/2026:19:36:38.073477 +0200] ajLbJjrfOtimKMS_N880wwAAAAA 52.91.90.13 44470 127.0.0.1 7080
[17/Jun/2026:19:36:38.263892 +0200] ajLbJvPCHMFYI5bASELKpgAAAAU 52.91.90.13 44476 127.0.0.1 7080
[17/Jun/2026:19:36:38.452481 +0200] ajLbJq_6jmh2h7yXV8G7bwAAAAM 52.91.90.13 44490 127.0.0.1 7080
...
show less
Web App Attack
π©πͺ
dpsbs
2026-06-17 17:29:17
(4 days ago)
url scanning on multiple public ips detected
Bad Web Bot
πΉπ
MWA SOC
2026-06-17 17:21:19
(4 days ago)
Hacking
πΊπΈ
TPI-Abuse
2026-06-17 17:16:40
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 52.91.90.13 (ec2-52-91-90-13.compute-1.amazonaw ...
show more
(mod_security) mod_security (id:210492) triggered by 52.91.90.13 (ec2-52-91-90-13.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 13:16:33.749359 2026] [security2:error] [pid 4796:tid 4796] [client 52.91.90.13:47172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.96"] [uri "/.git/HEAD"] [unique_id "ajLWccrWN17Foe0_aKfzTwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
sid3windr
2026-06-17 17:10:55
(4 days ago)
GET /.git/HEAD (Tarpitted for , wasted 120B)
Web App Attack
π«π·
Octopuce
2026-06-17 17:04:58
(4 days ago)
Aggressive web search of vulnerable pages: /.git/logs/HEAD /.env /.env.local /config/database.yml /b ...
show more
Aggressive web search of vulnerable pages: /.git/logs/HEAD /.env /.env.local /config/database.yml /backup.sql ...
show less
Web App Attack
π³π±
soverin
2026-06-17 17:02:13
(4 days ago)
Network scan on port 80
Email Spam
π©πͺ
Nightreaver
2026-06-17 16:59:03
(4 days ago)
52.91.90.13 - - [17/Jun/2026:18:59:01 0200] "GET /.git/refs/heads/master HTTP/1.1" 404 457 "-" "Moz ...
show more
52.91.90.13 - - [17/Jun/2026:18:59:01 0200] "GET /.git/refs/heads/master HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.91.90.13 - - [17/Jun/2026:18:59:01 0200] "GET /.git/refs/heads/main HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
52.91.90.13 - - [17/Jun/2026:18:59:01 0200] "GET /.git/index HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
52.91.90.13 - - [17/Jun/2026:18:59:02 0200] "GET /.env HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.91.90.13 - - [17/Jun/2026:18:59:02 0200] "GET /.env.local HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chr[...]
show less
Bad Web Bot
Web App Attack