๐บ๐ธ
TPI-Abuse
2026-07-16 12:36:00
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 08:35:52.731418 2026] [security2:error] [pid 10110:tid 10110] [client 18.157.80.128:59792] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "filardi.org"] [uri "/.git/config"] [unique_id "aljQKIxSL2hg9xCglxSd3wAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-16 10:05:38
(1 day ago)
Multiple WAF Violations
Web App Attack
๐ง๐ช
cmbplf
2026-07-16 09:27:18
(1 day ago)
3.592 requests with url.path *.env
672 requests with url.path *phpinfo.php
Brute-Force
Bad Web Bot
๐ณ๐ฑ
Site.eu
2026-07-16 07:27:39
(1 day ago)
Excessive 404/403 errors
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 07:09:36
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:09:33.484049 2026] [security2:error] [pid 18871:tid 18871] [client 18.157.80.128:45020] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiestadj.com.mx"] [uri "/.git/config"] [unique_id "aliDrWo586PMofS1WY6-XQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
MBombeck
2026-07-16 05:32:06
(1 day ago)
Fail2Ban/traefik-botsearch on apps-01: banned after 5 failures
Web App Attack
๐บ๐ธ
nyt
2026-07-16 02:20:08
(1 day ago)
Sensitive File Probe
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 01:58:47
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 21:58:39.772655 2026] [security2:error] [pid 8954:tid 8954] [client 18.157.80.128:42366] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fibroscopie.net"] [uri "/.git/config"] [unique_id "alg6z4Z__a_FravlXE7v4QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 01:19:28
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.157.80.128 (ec2-18-157-80-128.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 21:19:21.807765 2026] [security2:error] [pid 14060:tid 14221] [client 18.157.80.128:53010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fibertechsystems.com"] [uri "/.git/config"] [unique_id "algxmeIx9nfzCOCNmE0KFwAAApU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
McClay
2026-07-15 08:08:21
(2 days ago)
Illegal access attempt:18.157.80.128 - - [15/Jul/2026:10:08:21 +0200] "GET /.git/config HTTP/1.1" 40 ...
show more
Illegal access attempt:18.157.80.128 - - [15/Jul/2026:10:08:21 +0200] "GET /.git/config HTTP/1.1" 401 1129 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
...
show less
Hacking
Web App Attack
๐ท๐บ
DZBOT
2026-07-15 07:52:00
(2 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ช๐ธ
alferez
2026-07-15 07:16:19
(2 days ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
Anonymous
2026-07-15 02:23:59
(2 days ago)
(caddyscan) Scanner path probe from 18.157.80.128 (DE/Germany/ec2-18-157-80-128.eu-central-1.compute ...
show more
(caddyscan) Scanner path probe from 18.157.80.128 (DE/Germany/ec2-18-157-80-128.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 18.157.80.128 - - [15/Jul/2026:02:23:54 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [15/Jul/2026:02:23:54 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [15/Jul/2026:02:23:54 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [15/Jul/2026:02:23:54 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [15/Jul/2026:02:23:54 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
Anonymous
2026-07-14 23:53:14
(2 days ago)
(caddyscan) Scanner path probe from 18.157.80.128 (DE/Germany/ec2-18-157-80-128.eu-central-1.compute ...
show more
(caddyscan) Scanner path probe from 18.157.80.128 (DE/Germany/ec2-18-157-80-128.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 18.157.80.128 - - [14/Jul/2026:23:53:11 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [14/Jul/2026:23:53:11 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [14/Jul/2026:23:53:11 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [14/Jul/2026:23:53:11 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 18.157.80.128 - - [14/Jul/2026:23:53:11 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐ฎ๐น
VHosting
2026-07-14 23:15:04
(2 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack