๐ง๐ช
Saec
2026-07-16 14:46:01
(2 days ago)
Jarvis auto-ban: CF top attacker on saec.me (157 hits, BR)
Port Scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 07:49:52
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:49:47.746038 2026] [security2:error] [pid 17330:tid 17330] [client 15.229.35.180:40430] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sabras.com"] [uri "/.git/config"] [unique_id "aliNG-8rEAIRP6jPoWj9JgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-16 06:22:46
(2 days ago)
Remote Command Execution: Unix Command Injection (command without evasion). Pattern match "(?i)(?:b ...
show more
Remote Command Execution: Unix Command Injection (command without evasion). Pattern match "(?i)(?:b (932235-195)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 05:53:08
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:53:04.709356 2026] [security2:error] [pid 23929:tid 23929] [client 15.229.35.180:37860] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "saberpreview.com.adampayments.com"] [uri "/.git/config"] [unique_id "alhxwBeHprHL7anOffuyuQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 05:27:12
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:27:04.159928 2026] [security2:error] [pid 26821:tid 26821] [client 15.229.35.180:36692] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sabbathschoolguide.com"] [uri "/.git/config"] [unique_id "alhrqG83_4PoCGSIQi7asAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
EGP Abuse Dept
2026-07-16 00:27:24
(2 days ago)
Scanning for web/db/file exploits on s7.sellwise.io
SQL Injection
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-15 22:01:16
(3 days ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-14.
show less
Web App Attack
SSH
Hacking
๐ฉ๐ช
FeG Deutschland
2026-07-15 19:45:14
(3 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27
Exploited Host
Web App Attack
๐ซ๐ท
Octopuce
2026-07-15 03:56:25
(3 days ago)
Aggressive web search of vulnerable pages: /.env /.env.local /app/.env /apps/.env /api/.env ...
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-15 01:03:51
(3 days ago)
Try to access /.git/config
Web App Attack
๐ง๐ช
cmbplf
2026-07-15 00:38:39
(3 days ago)
6.840 requests with url.path *.env
728 requests with url.path *phpinfo.php
Brute-Force
Bad Web Bot
๐ฉ๐ช
IVski
2026-07-14 22:48:00
(4 days ago)
IVski WAF | Sensitive file probe detected - looking for .git
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 18:49:11
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 15.229.35.180 (ec2-15-229-35-180.sa-east-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 14:49:05.530475 2026] [security2:error] [pid 29876:tid 29876] [client 15.229.35.180:38296] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.atm.michaelpmcgrath.com"] [uri "/.git/config"] [unique_id "alaEoU6Qfb4RePfKUfBEVwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-14 16:00:05
(4 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ซ๐ท
breubit
2026-07-14 14:10:48
(4 days ago)
15.229.35.180 - - [14/Jul/2026:16:10:47 +0200] "GET /.env HTTP/1.1" 403 554 "-" "Mozilla/5.0 (X11; L ...
show more
15.229.35.180 - - [14/Jul/2026:16:10:47 +0200] "GET /.env HTTP/1.1" 403 554 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
...
show less
Web App Attack