๐บ๐ธ
TPI-Abuse
2026-07-17 00:23:44
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:23:38.983112 2026] [security2:error] [pid 21789:tid 21789] [client 3.123.43.192:45800] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.funnyaaron.com"] [uri "/.git/config"] [unique_id "all2CnT4a6DcY-HTtxranwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 23:33:27
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 19:33:21.286147 2026] [security2:error] [pid 13764:tid 13764] [client 3.123.43.192:33214] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.fsmfl.com"] [uri "/.git/config"] [unique_id "allqQdz_w0r1VO9QxVXPrwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 23:22:49
(8 hours ago)
(caddyscan) Scanner path probe from 3.123.43.192 (DE/Germany/ec2-3-123-43-192.eu-central-1.compute.a ...
show more
(caddyscan) Scanner path probe from 3.123.43.192 (DE/Germany/ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:23:22:46 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:23:22:46 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:23:22:46 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:23:22:46 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:23:22:46 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
Anonymous
2026-07-16 23:09:00
(8 hours ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2026-07-16 22:02:47
(9 hours ago)
(caddyscan) Scanner path probe from 3.123.43.192 (DE/Germany/ec2-3-123-43-192.eu-central-1.compute.a ...
show more
(caddyscan) Scanner path probe from 3.123.43.192 (DE/Germany/ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:22:02:43 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:22:02:44 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:22:02:44 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:22:02:44 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:22:02:44 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:01:05
(9 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-15.
show less
Web App Attack
SSH
Hacking
๐ช๐ธ
alferez
2026-07-16 21:21:18
(10 hours ago)
Searching .(env|sql|zip|tar|rar) files
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:21:22
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:21:14.512665 2026] [security2:error] [pid 30474:tid 30474] [client 3.123.43.192:51592] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.foothillsjasper.com"] [uri "/.git/config"] [unique_id "alk9OjuZBcONt7QmMr36VgAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-16 17:38:33
(14 hours ago)
[ThuJul1619:38:30.4075902026][security2:error][pid300326:tid300368][client3.123.43.192:0]ModSecurity ...
show more
[ThuJul1619:38:30.4075902026][security2:error][pid300326:tid300368][client3.123.43.192:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\*\\\\\\\\\)\|.\*\)\\\\\\\\\)\|\\\\\\\\{.\*\\\\\\\\}\)\|[\<\>]\\\\\\\\\(.\*\\\\\\\\\)\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$\(\(41\*271\)\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require\(child_process\).execsync\(echo\$\(\(41\*271\)\)\|base64-w0\).tostring\(\).trim\(\)throwobject.assign\(newerror\(next_redirect\){digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"mail.fit-easy.com\"][uri\"/\"][unique_id\"alkXFpwe9s3rrn_1YLHxKQAAAYY\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 15:08:58
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 11:08:54.886278 2026] [security2:error] [pid 8114:tid 8114] [client 3.123.43.192:35408] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.fernandodearatanha.com"] [uri "/.git/config"] [unique_id "alj0BsaA0qWcdFmJlvFyQwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 13:12:20
(18 hours ago)
(caddyscan) Scanner path probe from 3.123.43.192 (DE/Germany/ec2-3-123-43-192.eu-central-1.compute.a ...
show more
(caddyscan) Scanner path probe from 3.123.43.192 (DE/Germany/ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:13:12:18 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:13:12:18 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:13:12:18 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:13:12:18 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 3.123.43.192 - - [16/Jul/2026:13:12:19 +0000] "GET /.env.staging HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-16 10:09:30
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:09:22.427762 2026] [security2:error] [pid 1497:tid 1497] [client 3.123.43.192:58870] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.exp.com.tr"] [uri "/.git/config"] [unique_id "alit0iLgPwPNfs7dzH9C9wAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 08:57:23
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.123.43.192 (ec2-3-123-43-192.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 04:57:18.277054 2026] [security2:error] [pid 29321:tid 29321] [client 3.123.43.192:33950] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.everpickon.com"] [uri "/.git/config"] [unique_id "alic7piAzl54rjWtBXBBhQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐พ
lns.bz
2026-07-16 04:46:15
(1 day ago)
Too many 404 requests [BY]
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-15 21:59:51
(1 day ago)
Auto-ban: >3000 req/min op 2026-07-15
Web App Attack
SSH
Hacking