Anonymous
2026-07-18 11:43:35
(7 hours ago)
Web App Attack
Brute-Force
Exploited Host
Web App Attack
๐ป๐ช
LUISE
2026-07-17 15:59:36
(1 day ago)
Vulnerability scanning for Web/phpMyAdmin files on ULA server 72-23.
Hacking
Bad Web Bot
๐ป๐ช
LUISE
2026-07-06 00:26:05
(1 week ago)
Vulnerability scanning for Web/phpMyAdmin files on ULA server 72-23.
Hacking
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-02 13:06:46
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 09:06:38.384335 2026] [security2:error] [pid 4860:tid 4860] [client 104.23.166.16:10028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fletcherdouglas.com"] [uri "/.git/config"] [unique_id "akZiXrWiKPcdIUV7D89ueAAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 03:00:19
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 23:00:06.672738 2026] [security2:error] [pid 22790:tid 22850] [client 104.23.166.16:10458] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.condominium-property-management.com.property-management-companies-chicago.com"] [uri "/.env.backup"] [unique_id "ajdTtimsq5NSxKDKXmfzHQAAAYA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 19:37:59
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 15:37:52.238428 2026] [security2:error] [pid 23457:tid 23457] [client 104.23.166.16:10625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.agingworkforcenews.com"] [uri "/.git/config"] [unique_id "aicaEKnuOq-guBk8zWJZPQAAACc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
chengkev
2026-06-04 14:54:03
(1 month ago)
Esta IP fue detectada por CrowdSec, activando crowdsecurity/http-probing
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-28 09:28:45
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.166.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 05:27:58.326788 2026] [security2:error] [pid 6427:tid 6427] [client 104.23.166.16:12705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.notearsweb.com"] [uri "/.env"] [unique_id "ahgKnvGQyIKW9e8fPT2sfgAAACE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-21 21:40:03
(1 month ago)
Web App Attack
Brute-Force
Exploited Host
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-05-19 05:13:53
(1 month ago)
2 attacks on VC URLs:
GET /.git/HEAD HTTP/1.1
Hacking
๐บ๐ธ
Player Unknown
2026-05-14 16:39:46
(2 months ago)
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /phpinfo.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
...
show more
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /phpinfo.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /php_info.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /php-info.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /test.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /php.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /i.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:44 -0700] "GET /p.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:45 -0700] "GET /pi.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:45 -0700] "GET /infophp.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
104.23.166.16 - - [14/May/2026:09:39:45 -0700] "GET /sysinfo.php HTTP/1.1" 404 47 "-" "Mozilla/5.0"
...
show less
Brute-Force
SSH
๐ซ๐ท
chengkev
2026-05-10 00:31:21
(2 months ago)
Esta IP fue detectada por CrowdSec, activando crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐ฌ๐ง
openstrike.co.uk
2026-04-15 05:14:57
(3 months ago)
2 attacks on VC URLs, env grabbing URLs:
GET /.git/HEAD HTTP/1.1
GET /.env.bak HTTP/1.1
Hacking
Anonymous
2026-04-08 18:52:54
(3 months ago)
[Wed Apr 08 20:52:52.637140 2026] [authz_core:error] [pid 6111] [client 104.23.166.16:12577] AH01630 ...
show more
[Wed Apr 08 20:52:52.637140 2026] [authz_core:error] [pid 6111] [client 104.23.166.16:12577] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Wed Apr 08 20:52:52.958860 2026] [authz_core:error] [pid 6111] [client 104.23.166.16:12577] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Wed Apr 08 20:52:53.175140 2026] [authz_core:error] [pid 6111] [client 104.23.166.16:12577] AH01630: client denied by server configuration: /etc/httpd/htdocs
...
show less
Web App Attack
๐ซ๐ท
vtchost.com
2026-04-02 14:19:50
(3 months ago)
party.minux.cc:443 104.23.166.16 - - [02/Apr/2026:16:19:49 +0200] "GET / HTTP/1.1" 403 3012 "-" "Go- ...
show more
party.minux.cc:443 104.23.166.16 - - [02/Apr/2026:16:19:49 +0200] "GET / HTTP/1.1" 403 3012 "-" "Go-http-client/1.1"
...
show less
Bad Web Bot