Anonymous
2026-07-17 06:10:02
(9 minutes ago)
(caddyscan) Scanner path probe from 13.124.177.160 (KR/South Korea/ec2-13-124-177-160.ap-northeast-2 ...
show more
(caddyscan) Scanner path probe from 13.124.177.160 (KR/South Korea/ec2-13-124-177-160.ap-northeast-2.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 13.124.177.160 - - [17/Jul/2026:06:09:56 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 13.124.177.160 - - [17/Jul/2026:06:09:57 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 13.124.177.160 - - [17/Jul/2026:06:09:57 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 13.124.177.160 - - [17/Jul/2026:06:09:57 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 13.124.177.160 - - [17/Jul/2026:06:09:57 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐ช๐ธ
alferez
2026-07-17 03:01:19
(3 hours ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
Anonymous
2026-07-17 02:02:44
(4 hours ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 00:29:11
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 13.124.177.160 (ec2-13-124-177-160.ap-northeast ...
show more
(mod_security) mod_security (id:210492) triggered by 13.124.177.160 (ec2-13-124-177-160.ap-northeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:29:05.232849 2026] [security2:error] [pid 7178:tid 7178] [client 13.124.177.160:41136] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.ashtangayogamelbourne.com"] [uri "/.git/config"] [unique_id "all3USoz24IlsaC0dT6msgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฟ๐ฆ
conure
2026-07-16 22:33:53
(7 hours ago)
csagent: score 20.5: secrets grab x2, 404 noise floor x2; 1 domain(s) in 0s
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:01:08
(8 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-15.
show less
Web App Attack
SSH
Hacking
Anonymous
2026-07-16 14:10:05
(16 hours ago)
| Suspicious URL access.
Web App Attack
Hacking
SQL Injection
๐ณ๐ฑ
Mangelot Hosting
2026-07-16 13:32:21
(16 hours ago)
(modsecurity) srv101 ModSecurity 13.124.177.160 (KR/South Korea/ec2-13-124-177-160.ap-northeast-2.co ...
show more
(modsecurity) srv101 ModSecurity 13.124.177.160 (KR/South Korea/ec2-13-124-177-160.ap-northeast-2.compute.amazonaws.com): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-16 03:12:07
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 00:36:34
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 13.124.177.160 (ec2-13-124-177-160.ap-northeast ...
show more
(mod_security) mod_security (id:210492) triggered by 13.124.177.160 (ec2-13-124-177-160.ap-northeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 20:36:27.440865 2026] [security2:error] [pid 5486:tid 5486] [client 13.124.177.160:50772] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.affairedefemmes.net"] [uri "/.git/config"] [unique_id "algni9XqesmLaYdKXycCYwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-15 21:42:08
(1 day ago)
Try to access /installatietechniek//.git/config
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 05:19:32
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 13.124.177.160 (ec2-13-124-177-160.ap-northeast ...
show more
(mod_security) mod_security (id:210492) triggered by 13.124.177.160 (ec2-13-124-177-160.ap-northeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 01:19:26.025326 2026] [security2:error] [pid 31479:tid 31479] [client 13.124.177.160:55500] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.indyrheumatology.com"] [uri "/.git/config"] [unique_id "alcYXp89GoPlturI0RhOPwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-14 20:25:03
(2 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-14 18:15:24
(2 days ago)
20 attempts against mh-misbehave-ban on orcus
Brute-Force
Bad Web Bot
Web App Attack