๐บ๐ธ
mawan
2026-07-07 03:34:00
(1 week ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ฉ๐ช
Blexyel
2026-06-21 12:34:12
(3 weeks ago)
104.23.209.88 - - [21/Jun/2026:14:34:11 +0200] "GET /.git/config HTTP/1.1" 404 13 "-" "git/2.39.2"
. ...
show more
104.23.209.88 - - [21/Jun/2026:14:34:11 +0200] "GET /.git/config HTTP/1.1" 404 13 "-" "git/2.39.2"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-08 20:06:22
(3 months ago)
Scanning/Probing (18)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-05 13:05:55
(3 months ago)
Scanning/Probing (15)
Brute-Force
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-03-29 17:16:36
(3 months ago)
104.23.209.88 - - [29/Mar/2026:20:16:31 +0300] "GET /wp-content/uploads/index.php HTTP/1.1" 404 357 ...
show more
104.23.209.88 - - [29/Mar/2026:20:16:31 +0300] "GET /wp-content/uploads/index.php HTTP/1.1" 404 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.209.88 - - [29/Mar/2026:20:16:35 +0300] "GET /wp-admin/user/index.php HTTP/1.1" 404 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-22 07:35:23
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 03:35:15.868836 2026] [security2:error] [pid 18811:tid 18811] [client 104.23.209.88:10996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.randomgroovemusic.com"] [uri "/.env_settings"] [unique_id "ab-bs8GkcYr3a1lHxoA3AQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-22 04:26:08
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 00:26:05.408712 2026] [security2:error] [pid 23869:tid 23869] [client 104.23.209.88:11459] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.barkdull.org"] [uri "/.env.staging"] [unique_id "ab9vXU0shfVko4y-A0-zoQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-21 12:13:33
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 21 08:13:27.048737 2026] [security2:error] [pid 1633:tid 1633] [client 104.23.209.88:9627] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.ifmamasang.com"] [uri "/.env.dev.local"] [unique_id "ab6LZwLTyPBgBr4jzgU9_AAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-21 02:36:17
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 22:36:11.484136 2026] [security2:error] [pid 32199:tid 32199] [client 104.23.209.88:14273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.tijuana-bibles.com"] [uri "/.env.production.local"] [unique_id "ab4EG8SaiFegzNjB5cu_NAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-21 02:03:37
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 22:03:29.281728 2026] [security2:error] [pid 20148:tid 20148] [client 104.23.209.88:9863] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.chat.5995.us"] [uri "/root/.env"] [unique_id "ab38cT4N6ZLMF4tbUip3ywAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-21 00:36:19
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.209.88 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 20:36:13.635254 2026] [security2:error] [pid 19473:tid 19473] [client 104.23.209.88:9817] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.rdj.us"] [uri "/.env.example"] [unique_id "ab3n_Z5DzlaTt-4DfOtc2wAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mawan
2026-02-14 14:18:33
(5 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2025-12-27 23:22:26
(6 months ago)
[Sun Dec 28 00:22:24.413052 2025] [authz_core:error] [pid 12586] [client 104.23.209.88:11769] AH0163 ...
show more
[Sun Dec 28 00:22:24.413052 2025] [authz_core:error] [pid 12586] [client 104.23.209.88:11769] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Sun Dec 28 00:22:25.246534 2025] [authz_core:error] [pid 12586] [client 104.23.209.88:11769] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Sun Dec 28 00:22:25.917257 2025] [authz_core:error] [pid 12586] [client 104.23.209.88:11769] AH01630: client denied by server configuration: /etc/httpd/htdocs
...
show less
Web App Attack
๐ช๐ธ
el-brujo
2025-12-07 02:45:36
(7 months ago)
07/Dec/2025:03:45:36.301687 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
07/Dec/2025:03:45:36.301687 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 104.23.209.88] ModSecurity: Warning. Pattern match "(?:^|=)\\\\\\\\s*(?:{|\\\\\\\\s*\\\\\\\\(\\\\\\\\s*|\\\\\\\\w+=(?:[^\\\\\\\\s]*|\\\\\\\\$.*|\\\\\\\\$.*|<.*|>.*|\\\\\\\\'.*\\\\\\\\'|\\\\".*\\\\")\\\\\\\\s+|!\\\\\\\\s*|\\\\\\\\$)*\\\\\\\\s*(?:'|\\\\")*(?:[\\\\\\\\?\\\\\\\\*\\\\\\\\[\\\\\\\\]\\\\\\\\(\\\\\\\\)\\\\\\\\-\\\\\\\\|+\\\\\\\\w'\\\\"\\\\\\\\./\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\'\\\\"]*(?:l[\\\\\\\\\\\\\\\\'\\\\"]*(?:s(?:[\\\\\\\\\\\\\\\\'\\\\"]*(?:b[\\\\\\\\\\\\\\\\'\\\\"]*_[\\\\\\\\\\\\\\\\'\\\\"]*r[\\\\\\\\\\\\\\\\'\\\\"]*e[\\\\\\\\\\\\\\\\'\\\\"]*l[\\\\\\\\\\\\\\\\' ..." at ARGS_NAMES:php echo esc_url( get_template_directory_uri() ); ?>/assets/images/tourist-and-building.webp. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "464"] [id "932150"] [msg "Remote Command Execution: Direct Unix Command Execution"] [data "Matched D
...
show less
Hacking
Web App Attack
๐ง๐ท
leolemos
2025-09-28 06:23:08
(9 months ago)
[Sun Sep 28 03:23:06.998457 2025] [proxy_fcgi:error] [pid 3788287] [client 104.23.209.88:47154] AH01 ...
show more
[Sun Sep 28 03:23:06.998457 2025] [proxy_fcgi:error] [pid 3788287] [client 104.23.209.88:47154] AH01071: Got error 'Primary script unknown'
[Sun Sep 28 03:23:07.143851 2025] [proxy_fcgi:error] [pid 3788287] [client 104.23.209.88:47154] AH01071: Got error 'Primary script unknown'
[Sun Sep 28 03:23:07.293427 2025] [proxy_fcgi:error] [pid 3788287] [client 104.23.209.88:47154] AH01071: Got error 'Primary script unknown'
show less
Brute-Force
Web App Attack