๐บ๐ธ
TPI-Abuse
2026-07-17 02:41:12
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:41:08.318117 2026] [security2:error] [pid 20597:tid 20597] [client 18.203.95.214:53328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artattackgraphics.com"] [uri "/.git/config"] [unique_id "almWRGEPZ-2H3vZhlD2_zQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:39:00
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:38:53.575368 2026] [security2:error] [pid 25764:tid 25764] [client 18.203.95.214:50630] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pontiacpalace.com"] [uri "/.git/config"] [unique_id "almHrY2ccXvSEVv692dbHgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 13:18:19
(1 day ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 08:53:24
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 04:53:17.295806 2026] [security2:error] [pid 23157:tid 23157] [client 18.203.95.214:59682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pondplain.org"] [uri "/.git/config"] [unique_id "alib_ZLQ64qqUJRvYQWV9QAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
WebNiraj
2026-07-16 06:55:04
(1 day ago)
(mod_security) mod_security (id:949110) triggered by 18.203.95.214 (IE/Ireland/ec2-18-203-95-214.eu- ...
show more
(mod_security) mod_security (id:949110) triggered by 18.203.95.214 (IE/Ireland/ec2-18-203-95-214.eu-west-1.compute.amazonaws.com): 5 in the last 3600 secs [SIGMA]
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 05:13:06
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.203.95.214 (ec2-18-203-95-214.eu-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:12:58.987220 2026] [security2:error] [pid 20921:tid 20921] [client 18.203.95.214:38828] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "polydorou.eu"] [uri "/.git/config"] [unique_id "alhoWtm5c3Is6HE_Stup-gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
CoreTech srl
2026-07-16 01:44:54
(1 day ago)
cloudlinux2 fail2ban: 2026-07-16 03:38:49,797 fail2ban.actions [1812]: NOTICE [plesk-modsecu ...
show more
cloudlinux2 fail2ban: 2026-07-16 03:38:49,797 fail2ban.actions [1812]: NOTICE [plesk-modsecurity] Unban 206.62.114.199cloudlinux2 fail2ban: 2026-07-16 03:39:29,996 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 45.131.194.2 - 2026-07-16 03:39:28cloudlinux2 fail2ban: 2026-07-16 03:39:29,962 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 216.73.163.246 - 2026-07-16 03:39:28cloudlinux2 fail2ban: 2026-07-16 03:40:52,608 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 18.203.95.214 - 2026-07-16 03:40:52cloudlinux2 fail2ban: 2026-07-16 03:40:52,550 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 18.203.95.214 - 2026-07-16 03:40:52cloudlinux2 fail2ban: 2026-07-16 03:40:52,574 fail2ban.actions [1812]: NOTICE [plesk-modsecurity] Ban 18.203.95.214cloudlinux2 fail2ban: 2026-07-16 03:40:52,621 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 18.203.95.214 - 2026-07-16 03:40:52cloudlinux2 fail2ban: 2026-07-16 03:40:52,63
show less
Web App Attack
๐ฉ๐ช
pltcldvlpr
2026-07-16 00:45:20
(1 day ago)
CMS/framework probe: 18.203.95.214 - - [16/Jul/2026:02:45:19 +0200] "GET /.git/config HTTP/1.1" 444 ...
show more
CMS/framework probe: 18.203.95.214 - - [16/Jul/2026:02:45:19 +0200] "GET /.git/config HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" asn=16509 org="Amazon.com, Inc." country=IE
...
show less
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-07-15 21:23:18
(1 day ago)
Remote Command Execution: Unix Command Injection (command without evasion). Pattern match "(?i)(?:b ...
show more
Remote Command Execution: Unix Command Injection (command without evasion). Pattern match "(?i)(?:b (932235-stl2-17)
show less
Hacking
๐ฎ๐น
VHosting
2026-07-15 19:00:05
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ฑ๐ป
garmtech.com
2026-07-15 13:08:34
(2 days ago)
IM360 WAF: Direct access to sensitive file or dotfile MV:/api/.env
Web App Attack
๐ฑ๐ป
garmtech.com
2026-07-15 13:08:24
(2 days ago)
IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js ...
show more
IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478)
show less
Hacking