๐บ๐ธ
chrisj
2026-06-06 13:55:25
(4 weeks ago)
[Sat Jun 06 13:55:24.380316 2026] [proxy_fcgi:error] [pid 246173:tid 246173] [client 162.158.79.92:1 ...
show more
[Sat Jun 06 13:55:24.380316 2026] [proxy_fcgi:error] [pid 246173:tid 246173] [client 162.158.79.92:14202] AH01071: Got error 'Primary script unknown', referer: http://108.160.144.1:80/phpinfo2.php
[Sat Jun 06 13:55:24.822156 2026] [proxy_fcgi:error] [pid 246173:tid 246173] [client 162.158.79.92:14202] AH01071: Got error 'Primary script unknown', referer: http://108.160.144.1:80/version.php
[Sat Jun 06 13:55:25.234781 2026] [proxy_fcgi:error] [pid 246173:tid 246173] [client 162.158.79.92:14202] AH01071: Got error 'Primary script unknown', referer: http://108.160.144.1:80/env.php
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-05-15 06:39:16
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:37:23.914994 2026] [security2:error] [pid 3599:tid 3599] [client 162.158.79.92:9409] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.koshland.koshland.us|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.koshland.koshland.us"] [uri "/db_backup.sql"] [unique_id "aga_I-S5ExBj7sKGZLi30QAAADg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
freeutka
2026-05-06 06:25:19
(1 month ago)
WordPress brute-force login attempt on wp-login.php.
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-08 03:05:41
(2 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-05 17:05:12
(3 months ago)
Scanning/Probing (15)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-04 12:05:32
(3 months ago)
Scanning/Probing (17)
Brute-Force
Web App Attack
๐บ๐ธ
mawan
2026-03-31 23:48:11
(3 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐บ๐ธ
mnsf
2026-03-31 03:06:01
(3 months ago)
Scanning/Probing (19)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-03-30 02:05:27
(3 months ago)
Scanning/Probing (19)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-27 13:05:40
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 27 09:02:47.477495 2026] [security2:error] [pid 31625:tid 31658] [client 162.158.79.92:12570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.kellenlee.com"] [uri "/app/.env"] [unique_id "acZ_958VJHgw6bAdmlEW1wAAAQI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-27 00:39:50
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 20:39:40.336455 2026] [security2:error] [pid 22710:tid 22710] [client 162.158.79.92:13365] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.grandvistalabs.com"] [uri "/.env.example"] [unique_id "acXRzKljop60tQWc4V6A8QAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 13:29:05
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 09:28:51.414618 2026] [security2:error] [pid 19983:tid 19983] [client 162.158.79.92:11674] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.silvermoonpizza.com"] [uri "/web/.env"] [unique_id "acU0k656PGIgCh_lvoNFqgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 10:14:02
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 06:13:57.346621 2026] [security2:error] [pid 20307:tid 20447] [client 162.158.79.92:10270] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.anshinholdings.com"] [uri "/.env.development.local"] [unique_id "acUG5QrzOv2IO7nR89KGBwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-25 15:56:26
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 11:56:19.156204 2026] [security2:error] [pid 11078:tid 11078] [client 162.158.79.92:9436] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.cameronwv.com"] [uri "/.env.production.bak"] [unique_id "acQFox2shov4xzUL-SKNzwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-25 15:26:29
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.79.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 11:25:55.519372 2026] [security2:error] [pid 2849:tid 2849] [client 162.158.79.92:14034] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.naturev.net"] [uri "/.env_settings"] [unique_id "acP-gzkNq7TJBmbq_cA36QAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack