Anonymous
2026-05-26 03:34:40
(1 month ago)
[Drupal AbuseIPDB module] Request path is blacklisted. /wp-includes/speculative8.php
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-05-26 03:24:23
(1 month ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ซ๐ท
bazter.pro
2026-05-26 03:19:24
(1 month ago)
Fail2Ban: plesk-bot-aggressive - 15 failures
Port Scan
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-26 03:02:25
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 54.210.148.167 (ec2-54-210-148-167.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.210.148.167 (ec2-54-210-148-167.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 23:02:18.355990 2026] [security2:error] [pid 9820:tid 9838] [client 54.210.148.167:59782] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "greaternorthmiami.org"] [uri "/.env"] [unique_id "ahUNOgFNW4e8TFDspSqVsQAAAM4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ท
baku.hosting
2026-05-26 01:46:08
(1 month ago)
CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 54.210.148.167 (US/United Stat ...
show more
CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 54.210.148.167 (US/United States/ec2-54-210-148-167.compute-1.amazonaws.com): 5 in the last 3600 secs
show less
Brute-Force
Web App Attack
๐ฌ๐ง
andypiper
2026-05-26 01:01:18
(1 month ago)
CrowdSec ban for AbuseIPDB Top List
Brute-Force
Web App Attack
๐ฉ๐ช
Philister11
2026-05-26 00:58:25
(1 month ago)
CrowdSec: crowdsecurity/http-probing (US/AS14618)
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-26 00:45:42
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 54.210.148.167 (ec2-54-210-148-167.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.210.148.167 (ec2-54-210-148-167.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 20:45:38.833112 2026] [security2:error] [pid 3094:tid 3094] [client 54.210.148.167:60642] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cosplayculture.com"] [uri "/.env"] [unique_id "ahTtMmO_fQ_DFRFMO29NgAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
Inartis
2026-05-26 00:45:15
(1 month ago)
54.210.148.167 - - [26/May/2026:02:45:13 +0200] "GET /.env HTTP/1.1" 403 7871 "-" "Mozilla/5.0 (Maci ...
show more
54.210.148.167 - - [26/May/2026:02:45:13 +0200] "GET /.env HTTP/1.1" 403 7871 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15"
54.210.148.167 - - [26/May/2026:02:45:13 +0200] "GET /.env.bak HTTP/1.1" 403 7871 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
54.210.148.167 - - [26/May/2026:02:45:14 +0200] "GET /.env.old HTTP/1.1" 403 7871 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Matthew Ping
2026-05-26 00:15:02
(1 month ago)
ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-26 00:12:31
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 54.210.148.167 (ec2-54-210-148-167.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.210.148.167 (ec2-54-210-148-167.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 20:12:24.193341 2026] [security2:error] [pid 16830:tid 16830] [client 54.210.148.167:54996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grasslakepizzatime.com"] [uri "/.env"] [unique_id "ahTlaFH-IFi5tyKfZzdS8AAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐ด
iulianh
2026-05-26 00:04:22
(1 month ago)
*
Brute-Force
SSH
๐บ๐ธ
Mundo Bueno
2026-05-26 00:03:33
(1 month ago)
[ISILIA Protection v2.1] Tentative d'accรจs: /.env | Pays: US | UA: Mozilla/5.0 (X11; Linux x86_64) A ...
show more
[ISILIA Protection v2.1] Tentative d'accรจs: /.env | Pays: US | UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.3
show less
Hacking
Web App Attack
๐บ๐ธ
mw
2026-05-26 00:00:42
(1 month ago)
GET /.env HTTP/1.1
Web App Attack
๐ฉ๐ช
itsolon
2026-05-25 23:55:43
(1 month ago)
[26/May/2026:01:55:42 +0200] 177975334258.226051 54.210.148.167 51351 217.154.7.177 443
[26/May/2026 ...
show more
[26/May/2026:01:55:42 +0200] 177975334258.226051 54.210.148.167 51351 217.154.7.177 443
[26/May/2026:01:55:42 +0200] 17797533422.578134 54.210.148.167 51351 217.154.7.177 443
[26/May/2026:01:55:42 +0200] 177975334242.008090 54.210.148.167 51351 217.154.7.177 443
[26/May/2026:01:55:42 +0200] 177975334239.857128 54.210.148.167 51351 217.154.7.177 443
[26/May/2026:01:55:42 +0200] 177975334263.795961 54.210.148.167 51351 217.154.7.177 443
...
show less
Port Scan
Hacking
Brute-Force
Web App Attack