Anonymous
2026-07-11 11:32:35
(36 minutes ago)
(mod_security) mod_security triggered on hostname [redacted] 91.192.10.83 (DE/Germany/-)
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-11 11:30:32
(38 minutes ago)
(mod_security) mod_security (id:210492) triggered by 91.192.10.83 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 91.192.10.83 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 07:30:28.794214 2026] [security2:error] [pid 4054:tid 4054] [client 91.192.10.83:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.pixacast.com"] [uri "/.git/HEAD"] [unique_id "alIpVAiR1plc4UAD49b-gAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 11:10:35
(58 minutes ago)
(mod_security) mod_security (id:210492) triggered by 91.192.10.83 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 91.192.10.83 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 07:10:30.677407 2026] [security2:error] [pid 118589:tid 118589] [client 91.192.10.83:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.dentguyvt.com"] [uri "/.git/HEAD"] [unique_id "alIkprTt8dU80LUG3pEN2wAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
SwinT
2026-07-11 11:00:04
(1 hour ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
๐ง๐ท
dominioz
2026-07-11 10:48:47
(1 hour ago)
2026-07-11 10:48:32 GET /.env - - 91.192.10.83 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Ap ...
show more
2026-07-11 10:48:32 GET /.env - - 91.192.10.83 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/147.0.0.0+Safari/537.36 - 301 494
2026-07-11 10:48:32 GET /.env - - 91.192.10.83 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/147.0.0.0+Safari/537.36 https://webfinan.dominioz.com.br/.env 200 6796
2026-07-11 10:48:32 GET /backend/.env - - 91.192.10.83 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+15.7;+rv:149.0)+Gecko/20100101+Firefox/149.0 - 301 510
2026-07-11 10:48:33 GET /.git/config - - 91.192.10.83 HTTP/1.1 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_15_7)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/147.0.0.0+Safari/537.36 - 301 508
...
show less
Web App Attack
Anonymous
2026-07-11 10:32:02
(1 hour ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection
๐ซ๐ท
dynamix
2026-07-11 10:11:39
(1 hour ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 06:35:20
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 91.192.10.83 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 91.192.10.83 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 02:35:14.314606 2026] [security2:error] [pid 13559:tid 13559] [client 91.192.10.83:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "totalsafe-security.com"] [uri "/.git/HEAD"] [unique_id "alHkIhOpL_A8rJV_G_l9cAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-11 04:34:31
(7 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/appsec-vpatch
Web App Attack
๐ต๐ฑ
nakordoni.eu
2026-07-11 04:00:04
(8 hours ago)
Blocked by nakordoni.eu automated security: nakordoni-probe-gate. Jail: nakordoni-probe-gate, 1 matc ...
show more
Blocked by nakordoni.eu automated security: nakordoni-probe-gate. Jail: nakordoni-probe-gate, 1 matches. ISP: Dominic Scholz trading as ITP-Solutions GmbH & Co. KG (DE), Usage: Data Center/Web Hosting/Transit. Prior AbuseIPDB score at ban time: 100/100.
show less
Bad Web Bot
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-07-11 03:57:19
(8 hours ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐ฎ๐น
Inartis
2026-07-11 03:52:26
(8 hours ago)
91.192.10.83 - - [11/Jul/2026:05:52:24 +0200] "GET /.env HTTP/1.1" 302 469 "-" "Mozilla/5.0 (Macinto ...
show more
91.192.10.83 - - [11/Jul/2026:05:52:24 +0200] "GET /.env HTTP/1.1" 302 469 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.7; rv:149.0) Gecko/20100101 Firefox/149.0"
91.192.10.83 - - [11/Jul/2026:05:52:25 +0200] "GET /.env.local HTTP/1.1" 302 481 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15_7_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Safari/605.1.15"
91.192.10.83 - - [11/Jul/2026:05:52:25 +0200] "GET /.env.production HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
largo-it.net
2026-07-10 23:51:46
(12 hours ago)
Jul 11 01:51:40 vps-9f3cdc33 haproxy[144927]: 91.192.10.83:46424 [11/Jul/2026:01:51:40.748] www_fron ...
show more
Jul 11 01:51:40 vps-9f3cdc33 haproxy[144927]: 91.192.10.83:46424 [11/Jul/2026:01:51:40.748] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/49/59 404 3252 - - ---- 53/8/0/0/0 0/0 "GET /env HTTP/1.1"
Jul 11 01:51:41 vps-9f3cdc33 haproxy[144927]: 91.192.10.83:49208 [11/Jul/2026:01:51:41.208] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/83/94 404 3252 - - ---- 65/20/4/4/0 0/0 "GET /config.json HTTP/1.1"
Jul 11 01:51:41 vps-9f3cdc33 haproxy[144927]: 91.192.10.83:49204 [11/Jul/2026:01:51:41.208] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/86/97 404 3252 - - ---- 65/20/3/3/0 0/0 "GET /.aws/credentials HTTP/1.1"
Jul 11 01:51:41 vps-9f3cdc33 haproxy[144927]: 91.192.10.83:49198 [11/Jul/2026:01:51:41.208] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/95/106 404 3252 - - ---- 65/20/2/2/0 0/0 "GET /backend/.env HTTP/1.1"
Jul 11 01:51:41 vps-9f3cdc33 haproxy[144927]: 91.192.10.83:49206 [11/Jul/2026:01:51:41.208] www_frontend~ finance_cluster/finance1
...
show less
Hacking
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-10 23:10:03
(12 hours ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
Anonymous
2026-07-10 22:42:31
(13 hours ago)
(caddyscan) Scanner path probe from 91.192.10.83 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; ...
show more
(caddyscan) Scanner path probe from 91.192.10.83 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.192.10.83 - - [10/Jul/2026:22:42:28 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 91.192.10.83 - - [10/Jul/2026:22:42:28 +0000] "GET /.git/HEAD HTTP/1.1"
[REDACTED] 200 2627 91.192.10.83 - - [10/Jul/2026:22:42:29 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 91.192.10.83 - - [10/Jul/2026:22:42:29 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 91.192.10.83 - - [10/Jul/2026:22:42:29 +0000] "GET /.env.development HTTP/1.1"
show less
Port Scan