This IP address has been reported a total of
22
times from
17 distinct
sources.
185.93.2.250 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
185.93.2.250 - - [01/Jul/2026:02:39:53 +0200] "GET /.hocaZxO5duro HTTP/1.1" 404 153 "-" "Mozilla/5.0 ...
show more185.93.2.250 - - [01/Jul/2026:02:39:53 +0200] "GET /.hocaZxO5duro HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6) Gecko/20100118 Gentoo Firefox/3.5.6"
185.93.2.250 - - [01/Jul/2026:02:39:58 +0200] "GET /.env.prod HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nb-NO; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 (.NET CLR 3.5.30729)"
185.93.2.250 - - [01/Jul/2026:02:39:58 +0200] "GET /.env.production HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-NZ; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13"
185.93.2.250 - - [01/Jul/2026:02:39:58 +0200] "GET /.env HTTP/1.1" 404 555 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8)"
185.93.2.250 - - [01/Jul/2026:02:40:03 +0200] "GET /.env.current HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; it-it) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16"
185.93.2.
...
show less
[TueJun3012:22:11.7586342026][security2:error][pid61355:tid61411][client185.93.2.250:0]ModSecurity:A ...
show more[TueJun3012:22:11.7586342026][security2:error][pid61355:tid61411][client185.93.2.250:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"galardi.ch\"][uri\"/.env.live\"][unique_id\"akOY005RSkviqbuTYsRrTwAAAFQ\"]
show less
Automated malicious activity (Honeypot Trap) detected and blocked at the CDN edge by NordicCDN Shiel ...
show moreAutomated malicious activity (Honeypot Trap) detected and blocked at the CDN edge by NordicCDN Shield. Offenses: 2. First blocked: 2026-06-29.
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-25.
show less
Web App Attack
SSH
Hacking
Showing 1 to
15
of 22 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ