๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:00:09
(10 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-15.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 15:11:02
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 11:10:56.286839 2026] [security2:error] [pid 30337:tid 30337] [client 54.191.170.40:49894] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "godplusus.com"] [uri "/.git/config"] [unique_id "alj0gHQCzcWByP3aMVAPWAAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 13:12:25
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:12:20.327199 2026] [security2:error] [pid 5866:tid 5866] [client 54.191.170.40:41760] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "godcanuseyou.com"] [uri "/.git/config"] [unique_id "aljYtOf-ahTLs0vNti6yygAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
netclix.gr
2026-07-16 09:21:51
(22 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 54.191.170.40 (US/United States/ec2-54- ...
show more
(mod_security) mod_security triggered on hostname [redacted] 54.191.170.40 (US/United States/ec2-54-191-170-40.us-west-2.compute.amazonaws.com): (CF_ENABLE)
show less
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-16 08:45:17
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 04:45:11.299177 2026] [security2:error] [pid 3792979:tid 3792979] [client 54.191.170.40:47990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "goatedlottosecrets.com"] [uri "/.git/config"] [unique_id "aliaF8DxZ-FjBZtzCbCllAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-16 08:31:31
(23 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 06:40:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 02:40:15.228000 2026] [security2:error] [pid 17962:tid 17962] [client 54.191.170.40:44450] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "go-901.com"] [uri "/.git/config"] [unique_id "alh8z7Rn-Snk3P6mMN5fagAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-16 03:30:09
(1 day ago)
Excessive multi-domain requests
Brute-Force
Anonymous
2026-07-16 00:52:05
(1 day ago)
[Wed Jul 15 17:53:06.200148 2026] [php:error] [pid 602913:tid 602913] [client 54.191.170.40:35286] s ...
show more
[Wed Jul 15 17:53:06.200148 2026] [php:error] [pid 602913:tid 602913] [client 54.191.170.40:35286] script '/var/www/html/core/phpinfo.php' not found or unable to stat
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 00:46:58
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 54.191.170.40 (ec2-54-191-170-40.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 20:46:51.250384 2026] [security2:error] [pid 1409:tid 1409] [client 54.191.170.40:42490] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gmroyalties.com"] [uri "/.git/config"] [unique_id "algp-6dX57MxBCubpLnb9AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
leo1305
2026-07-15 21:09:40
(1 day ago)
CrowdSec detection | scenario: http-probing
Port Scan
Web App Attack
Anonymous
2026-07-15 15:52:23
(1 day ago)
[Wed Jul 15 17:52:22.946644 2026] [access_compat:error] [pid 575247:tid 575247] [client 54.191.170.4 ...
show more
[Wed Jul 15 17:52:22.946644 2026] [access_compat:error] [pid 575247:tid 575247] [client 54.191.170.40:37412] AH01797: client denied by server configuration: /var/www/html/.git
[Wed Jul 15 17:52:23.285194 2026] [access_compat:error] [pid 575247:tid 575247] [client 54.191.170.40:37412] AH01797: client denied by server configuration: /var/www/html/.env
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 15:40:04
(1 day ago)
| Suspicious URL access.
Web App Attack
Hacking
SQL Injection
Anonymous
2026-07-15 14:07:01
(1 day ago)
Blocked: Reason='Vulnerability probing โ PHP scan detected (41/60 min)'; Requests=41
Port Scan
๐ซ๐ท
Octopuce
2026-07-15 13:13:51
(1 day ago)
Aggressive web search of vulnerable pages: /.env /.env.local /app/.env /apps/.env /api/.env ...
Web App Attack