๐ฆ๐บ
RedBear IT
2026-03-26 10:00:37
(3 months ago)
"DDoS against public endpoint"
DDoS Attack
๐จ๐ญ
Origon
2026-02-15 11:42:18
(4 months ago)
http-sensitive-files - IP: 209.50.163.68 - time="2026-02-15T12:42:18+01:00" level=info msg="(555f66 ...
show more
http-sensitive-files - IP: 209.50.163.68 - time="2026-02-15T12:42:18+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 209.50.163.68 (US/200373) : 4h ban on Ip 209.50.163.68" module=db
show less
Web App Attack
๐บ๐ธ
mnsf
2026-02-15 06:05:59
(4 months ago)
Too many Status 40X (12)
Scanning/Probing (13)
Brute-Force
Web App Attack
๐บ๐ธ
myagent.site
2026-02-15 05:34:12
(4 months ago)
Blocking for trying to access an exploit file: /backend/.env
Hacking
๐ฎ๐น
alph44
2026-02-15 03:56:43
(4 months ago)
(mod_security) mod_security (id:949110) triggered by 209.50.163.68 (US/United States/-): 5 in the la ...
show more
(mod_security) mod_security (id:949110) triggered by 209.50.163.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs:
show less
Web App Attack
๐ณ๐ฑ
ParaBug
2026-02-15 02:31:15
(4 months ago)
209.50.163.68 - - [15/Feb/2026:03:31:13 +0100] "GET /.env HTTP/1.1" 301 517 "-" "Mozilla/5.0 (Window ...
show more
209.50.163.68 - - [15/Feb/2026:03:31:13 +0100] "GET /.env HTTP/1.1" 301 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
...
show less
Phishing
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 08:52:25
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:52:15.993333 2025] [security2:error] [pid 3651939:tid 3651939] [client 209.50.163.68:33811] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.markgreenhouse.com"] [uri "/.svn/wc.db"] [unique_id "aSQcvyCSPsIXVvF1sPXhdAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 08:22:14
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:22:07.682793 2025] [security2:error] [pid 11142:tid 11142] [client 209.50.163.68:23383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.galengetting.edgewatertaxidermy.com"] [uri "/.env"] [unique_id "aSQVr_LbH1RdQefen260qgAAAC0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 07:36:32
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:35:58.225909 2025] [security2:error] [pid 4855:tid 4855] [client 209.50.163.68:54329] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.lighthousechristmascards.com"] [uri "/.git/HEAD"] [unique_id "aSQK3p5sIgZNg-V8tnBeLQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-14 19:59:17
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 14 14:59:13.558435 2025] [security2:error] [pid 26154:tid 26154] [client 209.50.163.68:22947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.dwiller.com"] [uri "/.env"] [unique_id "aReKEcmconq3pMlS8eXrTgAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-14 01:14:47
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 209.50.163.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 20:14:40.981479 2025] [security2:error] [pid 31666:tid 31666] [client 209.50.163.68:30257] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.ultratecnologia.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.ultratecnologia.com"] [uri "/s3cmd.ini"] [unique_id "aRaCgMIsU4W2YmnyE_6AmgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
wil.com
2025-10-16 11:57:03
(8 months ago)
GlobalProtect login attempts with user krodgers.
VPN IP
Brute-Force
Anonymous
2025-10-16 11:43:16
(8 months ago)
WordPress Brute Force
Brute-Force
Anonymous
2025-10-14 19:16:19
(8 months ago)
This IP was involved in a brute force and password spray attack.
Brute-Force
Web App Attack
Anonymous
2025-10-08 13:59:53
(8 months ago)
Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.08 is noted in report tim ...
show more
Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.08 is noted in report timestamp
show less
Hacking
Brute-Force