πΊπΈ
antlac1
2026-07-06 18:12:27
(1 week ago)
crowdsecurity/http-backdoors-attempts
Brute-Force
Web App Attack
π¬π§
Smish
2026-06-27 11:58:54
(2 weeks ago)
HONEYPOT HIT --> Fail2ban time=1782561532 log=2026-06-27T12:58:52+01:00 ip=82.118.29.215 host=direct ...
show more
HONEYPOT HIT --> Fail2ban time=1782561532 log=2026-06-27T12:58:52+01:00 ip=82.118.29.215 host=direct.smishcraft.com method=GET uri="/.env.production" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" ref="-" rid=bcfba50bb902f6315ef07b9dbc187841
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-27 11:35:30
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 07:35:09.880767 2026] [security2:error] [pid 31465:tid 31465] [client 82.118.29.215:50145] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.johneiden.com"] [uri "/.env.staging"] [unique_id "aj-1bSSVlCMJMM9fdlsSuAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-27 10:56:22
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:55:57.042789 2026] [security2:error] [pid 28957:tid 28957] [client 82.118.29.215:22185] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "heytechiesshow.com"] [uri "/.git/HEAD"] [unique_id "aj-sPQYKrr1Lrmfyqxw0NwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Mykola Spesivtsev
2026-06-27 09:36:38
(2 weeks ago)
HTTP Tarpit detected bot activity:TargetPort:443, Path:/artisan, Method:GET, UA:Mozilla/5.0 (Windows ...
show more
HTTP Tarpit detected bot activity:TargetPort:443, Path:/artisan, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36
show less
Port Scan
Web App Attack
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-27 07:56:32
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 03:55:51.508471 2026] [security2:error] [pid 6629:tid 6629] [client 82.118.29.215:24927] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/npm-debug.log" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.iwsa.info"] [uri "/npm-debug.log"] [unique_id "aj-CB4_wHv0e6QmwUKF5tgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Mykola Spesivtsev
2026-06-27 07:15:19
(2 weeks ago)
HTTP Tarpit detected bot activity:TargetPort:80, Path:/.env.test, Method:GET, UA:Mozilla/5.0 (Window ...
show more
HTTP Tarpit detected bot activity:TargetPort:80, Path:/.env.test, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
show less
Port Scan
Web App Attack
Bad Web Bot
π¬π§
Marten Mark
2026-06-27 06:16:33
(2 weeks ago)
82.118.29.215 - - [27/Jun/2026:06:16:32 +0000] "GET /.env.production HTTP/1.1" 404 552 "-" "Mozilla/ ...
show more
82.118.29.215 - - [27/Jun/2026:06:16:32 +0000] "GET /.env.production HTTP/1.1" 404 552 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36"
...
show less
Web App Attack
Bad Web Bot
π©πͺ
Mykola Spesivtsev
2026-06-27 04:51:20
(2 weeks ago)
HTTP Tarpit detected bot activity:TargetPort:80, Path:/.gitignore, Method:GET, UA:Mozilla/5.0 (X11; ...
show more
HTTP Tarpit detected bot activity:TargetPort:80, Path:/.gitignore, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36
show less
Port Scan
Web App Attack
Bad Web Bot
π©πͺ
Mykola Spesivtsev
2026-06-27 03:43:58
(2 weeks ago)
HTTP Tarpit detected bot activity:TargetPort:80, Path:/.env, Method:GET, UA:Mozilla/5.0 (X11; Linux ...
show more
HTTP Tarpit detected bot activity:TargetPort:80, Path:/.env, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36
show less
Port Scan
Web App Attack
Bad Web Bot
π©πͺ
Mykola Spesivtsev
2026-06-27 02:55:05
(2 weeks ago)
HTTP Tarpit detected bot activity:TargetPort:443, Path:/.git/config, Method:GET, UA:Mozilla/5.0 (Win ...
show more
HTTP Tarpit detected bot activity:TargetPort:443, Path:/.git/config, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
show less
Port Scan
Web App Attack
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-27 02:10:58
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 82.118.29.215 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:09:50.003250 2026] [security2:error] [pid 19197:tid 19197] [client 82.118.29.215:25573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trafficstopper.com"] [uri "/.env.old"] [unique_id "aj8w7glK10eh24yzv3mmkQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
mccsoft.io
2026-06-27 00:09:43
(2 weeks ago)
Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to ...
show more
Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to our public nginx web server on TCP 80/443, probing blocked/sensitive paths; all returned HTTP 444 (connection closed by security rule, jail nginx-444). Sample requests: GET /.env.bak. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.3. Observed 2026-06-27 00:06:27 UTC. TCP handshake completed (requests fully received). Categories: Web App Attack / Bad Web Bot.
show less
Bad Web Bot
Web App Attack
π©πͺ
kkwemi
2026-06-26 20:34:30
(2 weeks ago)
Blocked by block-exploit-paths on /.env.prod
Bad Web Bot
Anonymous
2026-06-26 18:37:17
(2 weeks ago)
82.118.29.215 - - [26/Jun/2026:18:37:16 +0000] "GET /.env.local HTTP/1.1" 404 6978 "-" "Mozilla/5.0 ...
show more
82.118.29.215 - - [26/Jun/2026:18:37:16 +0000] "GET /.env.local HTTP/1.1" 404 6978 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.3 Safari/605.1.15"
...
show less
Brute-Force
Web App Attack