๐บ๐ธ
TPI-Abuse
2026-06-30 19:22:53
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com) ...
show more
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 15:22:49.137586 2026] [security2:error] [pid 17976:tid 17976] [client 185.184.122.214:37986] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "infodevman.net"] [uri "/.env"] [unique_id "akQXiXjEuynrOsTVKFKMWQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 19:00:00
(20 hours ago)
Aggressive web scan
Web App Attack
๐ณ๐ฑ
e.fierstra
2026-06-30 18:52:31
(20 hours ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 17:29:52
(22 hours ago)
(caddyscan) Scanner path probe from 185.184.122.214 (DE/Germany/vm931537.hosted-by.u1host.com): 5 in ...
show more
(caddyscan) Scanner path probe from 185.184.122.214 (DE/Germany/vm931537.hosted-by.u1host.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 185.184.122.214 - - [30/Jun/2026:17:29:45 +0000] "GET /.env.production.local HTTP/1.1"
[REDACTED] 200 2627 185.184.122.214 - - [30/Jun/2026:17:29:46 +0000] "GET /.env.development.local HTTP/1.1"
[REDACTED] 200 2627 185.184.122.214 - - [30/Jun/2026:17:29:46 +0000] "GET /.env.test.local HTTP/1.1"
[REDACTED] 200 2627 185.184.122.214 - - [30/Jun/2026:17:29:48 +0000] "GET /app/.env HTTP/1.1"
[REDACTED] 200 2627 185.184.122.214 - - [30/Jun/2026:17:29:48 +0000] "GET /src/.env HTTP/1.1"
show less
Port Scan
๐ฌ๐ง
Oakley
2026-06-30 16:57:49
(22 hours ago)
(confirmed_bot_sig) Confirmed bot
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-30 16:12:49
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com) ...
show more
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 12:12:43.716605 2026] [security2:error] [pid 18347:tid 18347] [client 185.184.122.214:40176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pnp42.com.grancanariaholidays.com"] [uri "/.env.dist"] [unique_id "akPq-6vY_0pHvvyTHrxWKQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 15:49:27
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com) ...
show more
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:49:23.777535 2026] [security2:error] [pid 15794:tid 15794] [client 185.184.122.214:47110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drkerryklett.com"] [uri "/.env.development"] [unique_id "akPlg7vu9KQUBr-yMYxjpAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-06-30 15:03:55
(1 day ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
SCHAPPY
2026-06-30 14:30:06
(1 day ago)
Brute-force attack to identify web exploits
Brute-Force
Web App Attack
๐ณ๐ฑ
lns.bz
2026-06-30 13:36:47
(1 day ago)
.env scanning [DOPP]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 12:41:45
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com) ...
show more
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:41:37.623572 2026] [security2:error] [pid 328:tid 328] [client 185.184.122.214:33634] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ctrl-p.saltcityprint.com"] [uri "/server/.env"] [unique_id "akO5gTuLYzytjZ9Ipb3cwwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 11:52:14
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com) ...
show more
(mod_security) mod_security (id:210730) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 07:52:10.154910 2026] [security2:error] [pid 14065:tid 14065] [client 185.184.122.214:45084] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.byles.net|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.byles.net"] [uri "/config/master.key"] [unique_id "akOt6o1q8R75sns-KxvYPgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 09:53:39
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com) ...
show more
(mod_security) mod_security (id:210492) triggered by 185.184.122.214 (vm931537.hosted-by.u1host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 05:53:33.173904 2026] [security2:error] [pid 17293:tid 17293] [client 185.184.122.214:54358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.grandriverhomes.com"] [uri "/.env.development"] [unique_id "akOSHZ7defMqnNBCK3y44wAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 09:11:19
(1 day ago)
[30/Jun/2026:12:11:18 +0300] 178281067819.983413 185.184.122.214 49202 148.251.76.218 443
[30/Jun/20 ...
show more
[30/Jun/2026:12:11:18 +0300] 178281067819.983413 185.184.122.214 49202 148.251.76.218 443
[30/Jun/2026:12:11:18 +0300] 178281067838.739389 185.184.122.214 49202 148.251.76.218 443
show less
Web App Attack
๐ซ๐ท
dynamix
2026-06-30 09:06:51
(1 day ago)
Multiple WAF Violations
Web App Attack