๐ฏ๐ต
S.O.B.A. Dev.
2026-06-13 01:01:41
(3 weeks ago)
Persistent port scanning or vulnerability scanning
Port Scan
๐บ๐ธ
TPI-Abuse
2026-05-15 11:08:38
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 07:06:17.340277 2026] [security2:error] [pid 1598:tid 1598] [client 104.23.211.194:10860] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||seychelles-boat-registration.com|F|2"] [data ".tfstate.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "seychelles-boat-registration.com"] [uri "/terraform.tfstate.backup"] [unique_id "agb-KaDefILmtI8mjVE4IAAAABk"], referer: https://www.google.com/search?q=seychelles-boat-registration.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-10 05:51:45
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 01:51:40.566137 2026] [security2:error] [pid 27639:tid 27639] [client 104.23.211.194:11722] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "megaandina.com"] [uri "/.git/config"] [unique_id "agAc7PbgM38WRWiFneRlhAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-09 20:28:00
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 16:27:54.280796 2026] [security2:error] [pid 25740:tid 25740] [client 104.23.211.194:10195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ozera.com"] [uri "/.git/config"] [unique_id "af-YymlhM0kty_c5nxaZjwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
S.O.B.A. Dev.
2026-05-08 22:37:42
(1 month ago)
Persistent port scanning or vulnerability scanning
Port Scan
๐ฉ๐ช
acadeova
2026-04-17 22:42:06
(2 months ago)
๐จ Recon detected (nft drop)
SRC=104.23.211.194
Observed=TCP dpt=80 in=enp0s6 ttl=56
Time=recent(jour ...
show more
๐จ Recon detected (nft drop)
SRC=104.23.211.194
Observed=TCP dpt=80 in=enp0s6 ttl=56
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
๐บ๐ธ
mnsf
2026-04-07 00:05:46
(3 months ago)
Scanning/Probing (14)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-04 17:05:55
(3 months ago)
Scanning/Probing (22)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-02 15:05:35
(3 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 21:39:19
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 17:38:59.941431 2026] [security2:error] [pid 11155:tid 11155] [client 104.23.211.194:13567] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.rasmisdigital.com"] [uri "/.env.backup"] [unique_id "acWnc0x9J43FA1YmrVfBGQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 14:26:46
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 10:26:36.984793 2026] [security2:error] [pid 9867:tid 9867] [client 104.23.211.194:12186] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.pamfilyataban.com"] [uri "/.env.test"] [unique_id "acVCHG0GHaALSoIcLIREFAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 13:04:47
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 09:04:38.692886 2026] [security2:error] [pid 29167:tid 29167] [client 104.23.211.194:11040] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clearlightcarwash.com"] [uri "/.env.bak"] [unique_id "acUu5r0EvKRGAmJ1GbdzrwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-25 20:50:36
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 16:50:21.775130 2026] [security2:error] [pid 17674:tid 17674] [client 104.23.211.194:12660] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanlegion935.com"] [uri "/config/.env"] [unique_id "acRKjdi76TSS9aB4mfXO4wAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-24 19:46:20
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 24 15:46:11.541568 2026] [security2:error] [pid 9065:tid 9079] [client 104.23.211.194:11213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.isa-energy.net"] [uri "/.envrc"] [unique_id "acLqA6YgpLyLvcw1nvVNPQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-24 18:11:10
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 24 14:10:47.349816 2026] [security2:error] [pid 22438:tid 22438] [client 104.23.211.194:11037] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.thecrossing1.com"] [uri "/.env_config"] [unique_id "acLTp0bWaEXrYW_ye0hM1AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack