๐บ๐ธ
TPI-Abuse
2026-07-17 02:46:49
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:46:42.205305 2026] [security2:error] [pid 149933:tid 149933] [client 18.193.48.153:41626] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "asttechgroup.com"] [uri "/.git/config"] [unique_id "almXkjRUUsuBxqr6kIQSDAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:20:58
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:20:53.202957 2026] [security2:error] [pid 559:tid 559] [client 18.193.48.153:44140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "astrologydemo.com"] [uri "/.git/config"] [unique_id "almDdQdRlY9Ixmk2M9gZOQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:00:37
(6 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-15.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
wteiken
2026-07-16 16:36:31
(12 hours ago)
www.teiken.net:443 18.193.48.153:59174 - - [16/Jul/2026:12:36:29 -0400] "GET /.git/config HTTP/1.1" ...
show more
www.teiken.net:443 18.193.48.153:59174 - - [16/Jul/2026:12:36:29 -0400] "GET /.git/config HTTP/1.1" 404 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
www.teiken.net:443 18.193.48.153:59174 - - [16/Jul/2026:12:36:30 -0400] "GET /.env HTTP/1.1" 404 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
www.teiken.net:443 18.193.48.153:59174 - - [16/Jul/2026:12:36:30 -0400] "GET /.env.local HTTP/1.1" 404 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
www.teiken.net:443 18.193.48.153:59174 - - [16/Jul/2026:12:36:30 -0400] "GET /.env.production HTTP/1.1" 404 565 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
www.teiken.net:443 18.193.48.153:59174 - - [16/Jul/2026:12:36:30 -0400] "GET /.env.staging HTTP/1.1"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 13:09:46
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:09:43.037569 2026] [security2:error] [pid 32369:tid 32369] [client 18.193.48.153:36764] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "naominixon.com"] [uri "/.git/config"] [unique_id "aljYF6hL3Sv_BL8C5vW55wAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
Origon
2026-07-16 12:33:20
(16 hours ago)
http-sensitive-files - IP: 18.193.48.153 - time="2026-07-16T14:33:20+02:00" level=info msg="(555f66 ...
show more
http-sensitive-files - IP: 18.193.48.153 - time="2026-07-16T14:33:20+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 18.193.48.153 (DE/16509) : 4h ban on Ip 18.193.48.153" module=db
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 05:00:47
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:00:19.784801 2026] [security2:error] [pid 26486:tid 26486] [client 18.193.48.153:44470] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "namefinder.com"] [uri "/.git/config"] [unique_id "alhlY_WqE44WzVy-AgwJOwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
paissangroup
2026-07-16 04:37:30
(1 day ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 00:41:22
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 20:41:16.675477 2026] [security2:error] [pid 9299:tid 9299] [client 18.193.48.153:55248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "naked60yearoldgaymen.com"] [uri "/.git/config"] [unique_id "algorJdCM3OZb5Ncn5Q0PgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
000rosiu
2026-07-15 14:45:30
(1 day ago)
Triggered Cloudflare WAF (botFight) from DE.
Action: MANAGED_CHALLENGE | Protocol: HTTP/1.1 (GET) | ...
show more
Triggered Cloudflare WAF (botFight) from DE.
Action: MANAGED_CHALLENGE | Protocol: HTTP/1.1 (GET) | Endpoint: /site/phpinfo.php | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ซ๐ท
โจ
2026-07-15 00:12:20
(2 days ago)
Domain : the-woodturners-shed.co.uk
Rule : hack
2026-07-15 00:09:39 ***hidden-privacy*** GET /.env.b ...
show more
Domain : the-woodturners-shed.co.uk
Rule : hack
2026-07-15 00:09:39 ***hidden-privacy*** GET /.env.bak - 443 - 18.193.48.153 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 - the-woodturners-shed.co.uk 404 0 0 13032 359 20 - -
show less
Hacking
SQL Injection
Brute-Force
๐ฉ๐ช
FeG Deutschland
2026-07-14 22:09:09
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 22:03:28
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 18:03:23.226537 2026] [security2:error] [pid 15415:tid 15415] [client 18.193.48.153:51700] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thewellnessxperience.com"] [uri "/.git/config"] [unique_id "alayKw4dpfreFArgJhYjFgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 19:42:28
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.c ...
show more
(mod_security) mod_security (id:210492) triggered by 18.193.48.153 (ec2-18-193-48-153.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 15:42:22.533349 2026] [security2:error] [pid 12868:tid 12868] [client 18.193.48.153:42952] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thevoodooguru.com"] [uri "/.git/config"] [unique_id "alaRHizEzOO1Vn5Bhf-tbgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WellSpring
2026-07-14 12:39:28
(2 days ago)
env leak on thetimeofthereturn.com/private/.env โ WellSpr.ing/NetSentinel civic-AI security layer
Web App Attack