๐ฉ๐ช
pcpiefke
2026-07-17 15:44:05
(1 hour ago)
(mod_security) mod_security triggered on hostname [redacted] 94.16.121.189 (DE/Germany/v220260636426 ...
show more
(mod_security) mod_security triggered on hostname [redacted] 94.16.121.189 (DE/Germany/v2202606364266466387.nicesrv.de)
show less
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-17 14:02:35
(3 hours ago)
(mod_security) mod_security (id:949110) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:949110) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 10:02:29.798413 2026] [security2:error] [pid 897024:tid 897024] [client 94.16.121.189:44935] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.weddingb.trophiesetc.us"] [uri "/backup/.env"] [unique_id "alo19VUOmq5kWIVXEXd2xQAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 11:38:44
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:38:37.362636 2026] [security2:error] [pid 19977:tid 19977] [client 94.16.121.189:56894] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lanegraves.com"] [uri "/.env.dev"] [unique_id "aloUPbZ-h19ll6_4L6TiOgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 09:59:59
(7 hours ago)
Aggressive web scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:42:57
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:42:51.365519 2026] [security2:error] [pid 12178:tid 12178] [client 94.16.121.189:7202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "d365geek.com"] [uri "/.env.development"] [unique_id "alnrC7m2AOyfclzz8m_ZEwAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:20:49
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:20:44.405694 2026] [security2:error] [pid 29391:tid 29391] [client 94.16.121.189:59974] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barbaraedidin.com"] [uri "/.env.template"] [unique_id "alnl3EopdYzwP6x9tWQrvQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
blinx
2026-07-17 05:09:13
(12 hours ago)
Suspicious activity detected by Modsecurity
Web Spam
Port Scan
Hacking
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 03:10:09
(14 hours ago)
{"reqId":"btlqiB4flI8K80STuW1t","level":1,"time":"2026-07-17T05:10:02+02:00","remoteAddr":"94.16.121 ...
show more
{"reqId":"btlqiB4flI8K80STuW1t","level":1,"time":"2026-07-17T05:10:02+02:00","remoteAddr":"94.16.121.189","user":"--","app":"core","method":"GET","url":"/application-prod.properties","scriptName":"/index.php","message":"Trusted domain error. \"94.16.121.189\" tried to access using \"rodimus.khomri.com\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)","version":"34.0.1.2","data":{"app":"core"}}
{"reqId":"cgfDedU9gHh807jcVWUw","level":1,"time":"2026-07-17T05:10:05+02:00","remoteAddr":"94.16.121.189","user":"--","app":"core","method":"GET","url":"/appsettings.json","scriptName":"/index.php","message":"Trusted domain error. \"94.16.121.189\" tried to access using \"rodimus.khomri.com\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://sil
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:02:01
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:01:56.947025 2026] [security2:error] [pid 24263:tid 24342] [client 94.16.121.189:47962] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kristinaarocho.docdalton.com"] [uri "/.env"] [unique_id "almbJINgJ_HKdsJeX33YmwAAAcs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:43:34
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:43:30.255230 2026] [security2:error] [pid 160918:tid 160918] [client 94.16.121.189:29602] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mahoninginn.com"] [uri "/app/.env"] [unique_id "almW0i_nFbZ5omVawG4QQQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 02:13:30
(15 hours ago)
(caddyscan) Scanner path probe from 94.16.121.189 (DE/Germany/v2202606364266466387.nicesrv.de): 5 in ...
show more
(caddyscan) Scanner path probe from 94.16.121.189 (DE/Germany/v2202606364266466387.nicesrv.de): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 94.16.121.189 - - [17/Jul/2026:02:13:28 +0000] "GET /.env.vault HTTP/1.1"
[REDACTED] 200 2627 94.16.121.189 - - [17/Jul/2026:02:13:28 +0000] "GET /.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 94.16.121.189 - - [17/Jul/2026:02:13:28 +0000] "GET /.aws/config HTTP/1.1"
[REDACTED] 200 2627 94.16.121.189 - - [17/Jul/2026:02:13:29 +0000] "GET /storage/framework/.env HTTP/1.1"
[REDACTED] 200 2627 94.16.121.189 - - [17/Jul/2026:02:13:29 +0000] "GET /laravel/.env HTTP/1.1"
show less
Port Scan
๐ญ๐บ
bcsaba
2026-07-17 01:30:05
(16 hours ago)
Looking for wp-config backup
94.16.121.189 - - [17/Jul/2026:03:28:29 +0200] "GET /wp-config.php.old ...
show more
Looking for wp-config backup
94.16.121.189 - - [17/Jul/2026:03:28:29 +0200] "GET /wp-config.php.old HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)"
show less
Web App Attack
๐ท๐บ
DZBOT
2026-07-17 01:17:22
(16 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ฌ๐ง
andypiper
2026-07-17 01:02:16
(16 hours ago)
CrowdSec ban for AbuseIPDB Top List
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 00:24:59
(17 hours ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.189 (v2202606364266466387.nicesrv.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 20:24:54.780456 2026] [security2:error] [pid 3770483:tid 3770483] [client 94.16.121.189:31704] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frootloops.net"] [uri "/.env.old"] [unique_id "all2Vk-9BV0O4Sx1xCZknwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack