๐บ๐ธ
TPI-Abuse
2026-06-30 13:09:35
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 09:09:30.757118 2026] [security2:error] [pid 9540:tid 9540] [client 64.94.84.158:50118] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.madisonmedia.ai"] [uri "/.env.swp"] [unique_id "akPACi4ZdS9sVkeoHIRCQwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 13:04:49
(3 days ago)
Aggressive web scan
Web App Attack
Anonymous
2026-06-30 11:44:39
(3 days ago)
Blocked by ModSec and CSF
Port Scan
๐ง๐พ
lns.bz
2026-06-30 10:43:47
(3 days ago)
Too many 404 requests [BY]
Web App Attack
๐ณ๐ฑ
debestelapp
2026-06-30 10:35:07
(3 days ago)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 10:35:06
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:35:01.721684 2026] [security2:error] [pid 12660:tid 12660] [client 64.94.84.158:17626] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "damonmarks.com"] [uri "/.env.save"] [unique_id "akOb1WFGJDAfMe9z8j05nQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
expandmade.com
2026-06-30 10:29:27
(3 days ago)
trolling for installation vulnerabilities [30/Jun/2026:10:29:27 "GET /app/service-account.json"]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 09:53:29
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 05:53:21.264208 2026] [security2:error] [pid 18168:tid 18168] [client 64.94.84.158:49765] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grandriverhomes.com"] [uri "/.env.local"] [unique_id "akOSEcYl4_ofG1LBMhtSeAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-30 09:10:26
(3 days ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack
๐ฉ๐ช
4server
2026-06-30 08:49:41
(3 days ago)
[TueJun3010:49:37.5877382026][security2:error][pid4155048:tid4155110][client64.94.84.158:0]ModSecuri ...
show more
[TueJun3010:49:37.5877382026][security2:error][pid4155048:tid4155110][client64.94.84.158:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(\?:/\(\?:\^\|/\)\\\\\\\\.\(env\|git\|svn\|hg\|DS_Store\)\|/\(\?:wp-config\|\\\\\\\\.htaccess\|\\\\\\\\.htpasswd\)\|\\\\\\\\.\(\?:sql\|bak\|old\|log\)\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"www.kvsm-blackstone.com.136-243-54-122.cpanel.site\"][uri\"/wp-config.php.bak\"][unique_id\"akODIdwEh9oL-mCAr3y4dwAAAIA\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ฌ๐ง
djboddington
2026-06-30 08:13:42
(3 days ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
Anonymous
2026-06-30 08:04:03
(3 days ago)
Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, GET /.env.save HTTP/1.1
Hacking
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-06-30 08:02:17
(3 days ago)
-:443 64.94.84.158 - - [30/Jun/2026:10:02:16 +0200] - "GET /settings.py HTTP/1.1" 404 6418 "-" "Mozi ...
show more
-:443 64.94.84.158 - - [30/Jun/2026:10:02:16 +0200] - "GET /settings.py HTTP/1.1" 404 6418 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
show less
Bad Web Bot
๐ฌ๐ง
consul.to
2026-06-30 07:23:53
(3 days ago)
Web attack/malicious scanning detected
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 06:45:00
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 64.94.84.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:44:55.794067 2026] [security2:error] [pid 16757:tid 16757] [client 64.94.84.158:63198] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.landjudging.com.watongacommunitycats.org"] [uri "/.env"] [unique_id "akNl51p3C6Cm2165I8xkRAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack