๐ฉ๐ช
big-cloud.nl
2026-07-16 11:56:31
(51 minutes ago)
Try to access /.git/config
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:03:59
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.192.54.25 (ec2-18-192-54-25.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 18.192.54.25 (ec2-18-192-54-25.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:03:54.214696 2026] [security2:error] [pid 24482:tid 24482] [client 18.192.54.25:39558] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joescherzi.com"] [uri "/.git/config"] [unique_id "alisiuWZyeNK_TX4BCj6GwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
grassau.com
2026-07-16 09:53:31
(2 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 18.192.54.25 (DE/Germany/Hesse/Frankfur ...
show more
(mod_security) mod_security triggered on hostname [redacted] 18.192.54.25 (DE/Germany/Hesse/Frankfurt am Main/ec2-18-192-54-25.eu-central-1.compute.amazonaws.com)
show less
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-16 09:44:49
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.192.54.25 (ec2-18-192-54-25.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 18.192.54.25 (ec2-18-192-54-25.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 05:44:42.633756 2026] [security2:error] [pid 19394:tid 19394] [client 18.192.54.25:37360] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joeordie.com"] [uri "/.git/config"] [unique_id "alioCpAXt86YzCPWRg0IXgAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 09:25:33
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.192.54.25 (ec2-18-192-54-25.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 18.192.54.25 (ec2-18-192-54-25.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 05:25:29.284241 2026] [security2:error] [pid 10013:tid 10013] [client 18.192.54.25:45134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joelsarakula.com"] [uri "/.git/config"] [unique_id "alijiV-t-o2AJs9_6z52tAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ฌ
HighWay
2026-07-16 05:26:15
(7 hours ago)
18.192.54.25 - - [16/Jul/2026:05:26:10 +0000] "GET /.git/config HTTP/1.1" 403 421 "-" "Mozilla/5.0 ( ...
show more
18.192.54.25 - - [16/Jul/2026:05:26:10 +0000] "GET /.git/config HTTP/1.1" 403 421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
18.192.54.25 - - [16/Jul/2026:05:26:11 +0000] "GET /.env HTTP/1.1" 403 421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
18.192.54.25 - - [16/Jul/2026:05:26:11 +0000] "GET /.env.local HTTP/1.1" 403 421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
...
show less
Port Scan
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-16 00:52:50
(11 hours ago)
392 requests with url.path *phpinfo.php
Brute-Force
Bad Web Bot
Anonymous
2026-07-16 00:16:05
(12 hours ago)
Bot / scanning and/or hacking attempts: GET /.env.staging HTTP/1.1, GET /.env HTTP/1.1, GET /.env.de ...
show more
Bot / scanning and/or hacking attempts: GET /.env.staging HTTP/1.1, GET /.env HTTP/1.1, GET /.env.development HTTP/1.1, GET /.env.bak HTTP/1.1, GET /.env.production HTTP/1.1, GET /.env.backup HTTP/1.1, GET /.env.test HTTP/1.1, POST / HTTP/1.1, GET /.env.local HTTP/1.1, GET /.env.remote HTTP/1.1
show less
Hacking
Web App Attack
๐ณ๐ฟ
Antinson
2026-07-15 21:56:28
(14 hours ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ฆ๐บ
screwlooseit.com.au
2026-07-15 20:48:05
(16 hours ago)
Blocked by CSF 13 firewall - Rule: config-dotfile
DE/Germany/ec2-18-192-54-25.eu-central-1.compute.a ...
show more
Blocked by CSF 13 firewall - Rule: config-dotfile
DE/Germany/ec2-18-192-54-25.eu-central-1.compute.amazonaws.com
show less
Web App Attack
Anonymous
2026-07-15 18:12:03
(18 hours ago)
(caddyscan) Scanner path probe from 18.192.54.25 (DE/Germany/ec2-18-192-54-25.eu-central-1.compute.a ...
show more
(caddyscan) Scanner path probe from 18.192.54.25 (DE/Germany/ec2-18-192-54-25.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:18:12:00 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:18:12:00 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:18:12:00 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:18:12:00 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:18:12:01 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐ฎ๐น
VHosting
2026-07-15 17:55:03
(18 hours ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-07-15 17:22:10
(19 hours ago)
(modsecurity) srv104 ModSecurity 18.192.54.25 (DE/Germany/ec2-18-192-54-25.eu-central-1.compute.amaz ...
show more
(modsecurity) srv104 ModSecurity 18.192.54.25 (DE/Germany/ec2-18-192-54-25.eu-central-1.compute.amazonaws.com): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
Anonymous
2026-07-15 14:41:24
(22 hours ago)
(caddyscan) Scanner path probe from 18.192.54.25 (DE/Germany/ec2-18-192-54-25.eu-central-1.compute.a ...
show more
(caddyscan) Scanner path probe from 18.192.54.25 (DE/Germany/ec2-18-192-54-25.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:14:41:20 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:14:41:20 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:14:41:20 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:14:41:20 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 18.192.54.25 - - [15/Jul/2026:14:41:21 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐จ๐ญ
backslash
2022-07-12 11:20:04
(4 years ago)
block ruleset bad bot: ignores robots.txt 8010B44F7E78AD8B94C70711C72D11CDE0DAC0F4
Bad Web Bot