Anonymous
2026-07-01 04:39:23
(2 weeks ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
π³π±
ItsJustStan
2026-06-17 17:52:14
(4 weeks ago)
Web app attack - scanning for vulnerabilities
Web App Attack
πΊπΈ
paulo.apoloni
2026-06-17 06:19:55
(4 weeks ago)
162.141.167.4 - - [17/Jun/2026:03:19:51 -0300] "GET /backend/.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 ( ...
show more
162.141.167.4 - - [17/Jun/2026:03:19:51 -0300] "GET /backend/.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.7; rv:149.0) Gecko/20100101 Firefox/149.0"
162.141.167.4 - - [17/Jun/2026:03:19:53 -0300] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
162.141.167.4 - - [17/Jun/2026:03:19:54 -0300] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.7; rv:149.0) Gecko/20100101 Firefox/149.0"
162.141.167.4 - - [17/Jun/2026:03:19:54 -0300] "GET /.git/config HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/146.0.3856.109"
162.141.167.4 - - [17/Jun/2026:03:19:54 -0300] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
π©πͺ
Bedios GmbH
2026-06-17 03:50:07
(1 month ago)
Login credentials theft attempt
Hacking
Anonymous
2026-06-17 02:55:12
(1 month ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Web App Attack
Brute-Force
Bad Web Bot
π©πͺ
gadix
2026-06-17 00:55:47
(1 month ago)
[17/Jun/2026:02:55:44.568849 +0200] ajHwkEN6T7-xb9lUOfyIJgAAAFE 162.141.167.4 44612 127.0.0.1 7081
[ ...
show more
[17/Jun/2026:02:55:44.568849 +0200] ajHwkEN6T7-xb9lUOfyIJgAAAFE 162.141.167.4 44612 127.0.0.1 7081
[17/Jun/2026:02:55:44.687785 +0200] ajHwkPtL0hNS9YaHVnwhMgAAAJY 162.141.167.4 44618 127.0.0.1 7081
[17/Jun/2026:02:55:44.936646 +0200] ajHwkPtL0hNS9YaHVnwhNAAAAJc 162.141.167.4 44632 127.0.0.1 7081
...
show less
Web App Attack
π³π±
enpepet
2026-06-16 22:53:01
(1 month ago)
GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/2010010 ...
show more
GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0 URL:/.env.production
show less
Port Scan
Hacking
Brute-Force
Bad Web Bot
π¦πΊ
2000cn.com.au
2026-06-16 21:24:05
(1 month ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
π±πΉ
juozaspo
2026-06-16 20:32:30
(1 month ago)
Automatic Report: Too much requests to non-existing pages in a very short time, auto-banned
Bad Web Bot
Web App Attack
Anonymous
2026-06-16 20:26:32
(1 month ago)
(caddyscan) Scanner path probe from 162.141.167.4 (US/United States/-): 5 in the last 3600 secs; Por ...
show more
(caddyscan) Scanner path probe from 162.141.167.4 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 162.141.167.4 - - [16/Jun/2026:20:26:24 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 162.141.167.4 - - [16/Jun/2026:20:26:25 +0000] "GET /api/.env HTTP/1.1"
[REDACTED] 200 2627 162.141.167.4 - - [16/Jun/2026:20:26:27 +0000] "GET /.env.development HTTP/1.1"
[REDACTED] 200 2627 162.141.167.4 - - [16/Jun/2026:20:26:27 +0000] "GET /backend/.env HTTP/1.1"
[REDACTED] 200 2627 162.141.167.4 - - [16/Jun/2026:20:26:28 +0000] "GET /.git/HEAD HTTP/1.1"
show less
Port Scan
π©πͺ
IVski
2026-06-16 19:48:02
(1 month ago)
IVski WAF | Sensitive file probe detected - looking for .git
Port Scan
Brute-Force
Web App Attack
π¨π¦
ISPLtd
2026-06-16 13:54:16
(1 month ago)
162.141.167.4 - - [16/Jun/2026:10:54:16 -0300] "GET /.env
162.141.167.4 - - [16/Jun/2026:10:54:16 -0 ...
show more
162.141.167.4 - - [16/Jun/2026:10:54:16 -0300] "GET /.env
162.141.167.4 - - [16/Jun/2026:10:54:16 -0300] "GET /.aws/credentials
...
show less
Hacking
Web App Attack
π©πͺ
paissangroup
2026-06-16 10:16:37
(1 month ago)
Multiple WAF Violations
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-16 10:06:52
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 162.141.167.4 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.141.167.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 06:06:49.484446 2026] [security2:error] [pid 23120:tid 23120] [client 162.141.167.4:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gibit.me"] [uri "/.git/config"] [unique_id "ajEgOeLXJl3GwBXdg9MX_QAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TNZ
2026-06-16 09:53:39
(1 month ago)
Automated honeypot: ua_inconsistency | Path: / | ISP: AS19318 Interserver, Inc | ASN: AS19318 Inters ...
show more
Automated honeypot: ua_inconsistency | Path: / | ISP: AS19318 Interserver, Inc | ASN: AS19318 Interserver, Inc [HOSTING] | Abuse score: 100 | Open ports: [22] | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
show less
Web App Attack