๐ฎ๐ณ
evicky2002
2026-07-18 06:00:00
(5 hours ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ฒ๐ฝ
octageeks.com
2026-07-18 04:13:02
(7 hours ago)
Wordpress malicious attack:[octablocked]
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 22:03:36
(13 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-16.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
dtorrer
2026-07-17 16:05:29
(19 hours ago)
General vulnerability scan.
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-17 13:27:06
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:26:59.247066 2026] [security2:error] [pid 6257:tid 6257] [client 18.168.222.209:36358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dougwong.dvdmasters.com"] [uri "/.env"] [unique_id "aloto4hwgMjhOYSVch_wPgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 13:09:21
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 09:09:13.829632 2026] [security2:error] [pid 9695:tid 9695] [client 18.168.222.209:15164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.8070tas.consorciolegal.com"] [uri "/.env"] [unique_id "alopecwahpu32_FaJT59nwAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:36:32
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:36:25.487817 2026] [security2:error] [pid 260931:tid 260931] [client 18.168.222.209:50122] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.thewhispertwins.com"] [uri "/.env.local"] [unique_id "alohyX8aYBCT375FwSworwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:57:37
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:57:30.966973 2026] [security2:error] [pid 16105:tid 16105] [client 18.168.222.209:27800] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rejuvenationsystems.com"] [uri "/.env.production"] [unique_id "aloYqunI_WpDP17B8WS4EAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:42:35
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:42:30.714418 2026] [security2:error] [pid 737891:tid 737891] [client 18.168.222.209:58192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mrsreclamation.com"] [uri "/.env"] [unique_id "aloVJo1UyLBr8qfl6i0K2QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:20:26
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:20:19.366746 2026] [security2:error] [pid 24660:tid 24660] [client 18.168.222.209:38846] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.forms.kanata.ws"] [uri "/.env.prod"] [unique_id "aloP88z7FwFqTLGlg_VpYQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:47:47
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:47:41.412291 2026] [security2:error] [pid 874626:tid 874633] [client 18.168.222.209:59604] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.royalmanagementsociety.com.aafm.us"] [uri "/.env"] [unique_id "aloITfbP9T8vCu_QvDd8HAAAAEU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 10:04:41
(1 day ago)
18.168.222.209 - - [17/Jul/2026:12:04:37 +0200] "GET /.env HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windo ...
show more
18.168.222.209 - - [17/Jul/2026:12:04:37 +0200] "GET /.env HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
18.168.222.209 - - [17/Jul/2026:12:04:37 +0200] "GET /.env.local HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
18.168.222.209 - - [17/Jul/2026:12:04:38 +0200] "GET /.env.production HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
18.168.222.209 - - [17/Jul/2026:12:04:38 +0200] "GET /.env.development HTTP/1.1" 403 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 09:40:30
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:40:23.861915 2026] [security2:error] [pid 969179:tid 969179] [client 18.168.222.209:48946] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "carmichaellaw.org"] [uri "/.env"] [unique_id "aln4h-dAWGgcVELe04GfwAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Aetherweb Ark
2026-07-17 08:49:23
(1 day ago)
(mod_security) mod_security (id:949110) triggered by 18.168.222.209 (GB/United Kingdom/ec2-18-168-22 ...
show more
(mod_security) mod_security (id:949110) triggered by 18.168.222.209 (GB/United Kingdom/ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): N in the last X secs
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:20:21
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.co ...
show more
(mod_security) mod_security (id:210492) triggered by 18.168.222.209 (ec2-18-168-222-209.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:20:15.173812 2026] [security2:error] [pid 385183:tid 385183] [client 18.168.222.209:55724] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gardner.farm.brazilianbottom.com"] [uri "/.env.dev"] [unique_id "alnlv8VZ-q-GITo0yv9OSgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack