๐ณ๐ฑ
homeshowdomain.nl
2026-07-18 22:03:51
(9 hours ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-07-17.
show less
Web App Attack
SSH
Hacking
๐ณ๐ฑ
homeshowdomain.nl
2026-07-17 21:59:14
(1 day ago)
Auto-ban: >3000 req/min op 2026-07-17
Web App Attack
SSH
Hacking
๐ซ๐ท
dynamix
2026-07-17 16:53:00
(1 day ago)
Multiple WAF Violations
Web App Attack
Anonymous
2026-07-17 16:43:42
(1 day ago)
(caddyscan) Scanner path probe from 66.151.43.37 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; ...
show more
(caddyscan) Scanner path probe from 66.151.43.37 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 66.151.43.37 - - [17/Jul/2026:16:43:40 +0000] "GET /wp-config.php.bak HTTP/1.1"
[REDACTED] 200 2627 66.151.43.37 - - [17/Jul/2026:16:43:40 +0000] "GET /wp-config.php.old HTTP/1.1"
[REDACTED] 200 2627 66.151.43.37 - - [17/Jul/2026:16:43:41 +0000] "GET /wp-config.php.save HTTP/1.1"
[REDACTED] 200 2627 66.151.43.37 - - [17/Jul/2026:16:43:41 +0000] "GET /wp-config.php.txt HTTP/1.1"
[REDACTED] 200 2627 66.151.43.37 - - [17/Jul/2026:16:43:41 +0000] "GET /wp-config.php~ HTTP/1.1"
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-17 16:03:05
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 12:03:00.375098 2026] [security2:error] [pid 29597:tid 29597] [client 66.151.43.37:42910] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bcwildcats.org.bknj2.org"] [uri "/.env"] [unique_id "alpSNGo0ldG_p_N--QPQlQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Matthew Ping
2026-07-17 13:30:03
(1 day ago)
ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
๐ณ๐ฑ
e.fierstra
2026-07-17 13:12:10
(1 day ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:51:09
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:51:04.391297 2026] [security2:error] [pid 9597:tid 9597] [client 66.151.43.37:55910] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.movieheadshots.robertmcatee.com"] [uri "/.env"] [unique_id "alolOE73slqU2jFKPQg81AAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
helios.live
2026-07-17 11:26:54
(1 day ago)
2026/07/17 11:26:48 [error] 793370#793370: *1992104 access forbidden by rule, client: 66.151.43.37, ...
show more
2026/07/17 11:26:48 [error] 793370#793370: *1992104 access forbidden by rule, client: 66.151.43.37, server: kocerroxy.com, request: "GET /.env.sample HTTP/1.1", host: "kocerroxy.com"
2026/07/17 11:26:49 [error] 793370#793370: *1992108 access forbidden by rule, client: 66.151.43.37, server: kocerroxy.com, request: "GET /.env.dist HTTP/1.1", host: "kocerroxy.com"
2026/07/17 11:26:50 [error] 793370#793370: *1992115 access forbidden by rule, client: 66.151.43.37, server: kocerroxy.com, request: "GET /.env.template HTTP/1.1", host: "kocerroxy.com"
2026/07/17 11:26:52 [error] 793370#793370: *1992118 access forbidden by rule, client: 66.151.43.37, server: kocerroxy.com, request: "GET /.env.production.local HTTP/1.1", host: "kocerroxy.com"
2026/07/17 11:26:53 [error] 793370#793370: *1992129 access forbidden by rule, client: 66.151.43.37, server: kocerroxy.com, request: "GET /.env.development.local HTTP/1.1", host: "kocerroxy.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:20:32
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:20:24.630200 2026] [security2:error] [pid 19694:tid 19694] [client 66.151.43.37:60732] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.philadelphiacalligraphers.org.book-arts.com"] [uri "/.env"] [unique_id "aloP-GWYXJLhuINWUM0QRgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:46:23
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:46:15.516988 2026] [security2:error] [pid 31095:tid 31095] [client 66.151.43.37:35120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deharrisassoc.com"] [uri "/.env.test"] [unique_id "aloH9_HFi4borx2PuVNeEQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-17 10:28:17
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:09:48
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 66.151.43.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:09:41.583462 2026] [security2:error] [pid 18184:tid 18299] [client 66.151.43.37:60968] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.photo.gallery.the-aquifer.com"] [uri "/.env.production"] [unique_id "aln_ZRCltmlPc4saqahV_gAAAJM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 10:06:21
(1 day ago)
Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=156
Hacking
Anonymous
2026-07-17 09:18:17
(1 day ago)
66.151.43.37 - - [17/Jul/2026:11:18:12 +0200] "GET /.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows ...
show more
66.151.43.37 - - [17/Jul/2026:11:18:12 +0200] "GET /.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
66.151.43.37 - - [17/Jul/2026:11:18:12 +0200] "GET /.env.local HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
66.151.43.37 - - [17/Jul/2026:11:18:12 +0200] "GET /.env.production HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
66.151.43.37 - - [17/Jul/2026:11:18:13 +0200] "GET /.env.development HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https
...
show less
Bad Web Bot
Web App Attack