๐ณ๐ฑ
homeshowdomain.nl
2026-05-28 22:00:12
(1 month ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-28 01:24:52
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 21:24:46.765183 2026] [security2:error] [pid 12714:tid 12714] [client 107.174.194.118:48041] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stevensalsberg.com.salsberggroup.com"] [uri "/.env.dev"] [unique_id "aheZXmZ2R7Tm_sohxfmWSgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-27 17:47:02
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:46:44.356621 2026] [security2:error] [pid 10313:tid 10339] [client 107.174.194.118:55725] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "managementconsultant.us"] [uri "/.env.development.local"] [unique_id "ahcuBInObifvDZXeomdT2gAAARc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-27 13:51:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 09:51:40.331089 2026] [security2:error] [pid 25507:tid 25507] [client 107.174.194.118:56049] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.aeongames.com"] [uri "/.env.vercel"] [unique_id "ahb27Iw8EqVziHiu5KDWHwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-27 12:00:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 08:00:46.063669 2026] [security2:error] [pid 29468:tid 29512] [client 107.174.194.118:44447] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.southtampaprinting.com"] [uri "/.env.dev"] [unique_id "ahbc7m6ba1eZmOtiY716-AAAAIo"], referer: https://www.google.com/search?q=cpanel.southtampaprinting.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐น
Renรฉ Hickersberger
2026-05-27 02:07:55
(1 month ago)
malicious bot detected: violations="ignored-robots-policy"; user_agent="Mozilla/5.0 AppleWebKit/537. ...
show more
malicious bot detected: violations="ignored-robots-policy"; user_agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)"
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-05-27 00:13:22
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:13:11.437791 2026] [security2:error] [pid 32013:tid 32013] [client 107.174.194.118:54471] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boardingatthewedge.com"] [uri "/.env.php"] [unique_id "ahY3F3svd1bQ9z7UoYztsgAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-26 23:51:50
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 19:50:29.531101 2026] [security2:error] [pid 30562:tid 30562] [client 107.174.194.118:35945] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.asfmglobal.com"] [uri "/wp-config.php~"] [unique_id "ahYxxQ3i7tpgqQ1LSyTOaQAAAAA"], referer: https://www.google.com/search?q=cpcalendars.asfmglobal.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-26 18:15:28
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:13:15.548011 2026] [security2:error] [pid 3028:tid 3028] [client 107.174.194.118:52143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mountararattrek.com.amybeam.com"] [uri "/.env.bak"] [unique_id "ahXiu4e0guS5i4lv2TTTdQAAABg"], referer: https://www.google.com/search?q=www.mountararattrek.com.amybeam.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-26 17:55:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 13:55:07.215247 2026] [security2:error] [pid 22912:tid 22912] [client 107.174.194.118:54705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "foundintranslation.net"] [uri "/.env.dusk.local"] [unique_id "ahXee4JptONZrqoc0Z2JuwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 18:41:01
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210730) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:40:47.519080 2025] [security2:error] [pid 22841:tid 23006] [client 107.174.194.118:46597] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/mysqldump.sql"] [unique_id "aVLLL7vqJPp5jxktaSFquwAAAMg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-13 10:33:06
(7 months ago)
(mod_security) mod_security (id:211190) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:211190) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 05:32:57.802953 2025] [security2:error] [pid 12472:tid 12472] [client 107.174.194.118:57845] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /WealthT24/GetImage?docDownloadPath=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/WealthT24/GetImage"] [unique_id "aRWz2e_aoF1yCfvIerRL8AAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-27 01:43:31
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210730) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:43:30.013217 2025] [security2:error] [pid 729662:tid 729790] [client 107.174.194.118:40635] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.kettlehill.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/admin/logs/errors.log"] [unique_id "aIWEQrnOl9VusXIpylMePgAAAQo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-30 07:13:07
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocross ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.194.118 (107-174-194-118-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 03:12:59.891741 2025] [security2:error] [pid 20272:tid 20272] [client 107.174.194.118:47999] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/content../.git/config"] [unique_id "aDlae4WoWGIRxxpHqwRfnwAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-15 09:40:35
(1 year ago)
| A web attack returned code 200 (success).
Hacking
SQL Injection
Web App Attack