๐บ๐ธ
FreeMyIP
2026-07-07 13:56:23
(1 week ago)
Automated fail2ban report: web application attack / scanning for exploitable paths.
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-05-14 22:05:57
(2 months ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-13.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-09 16:41:24
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 12:41:16.077654 2026] [security2:error] [pid 25911:tid 25911] [client 104.23.211.223:12203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fatcavemedia.com"] [uri "/.git/config"] [unique_id "af9jrFH2H7iR5CKw9ApFKAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-04-08 18:05:24
(3 months ago)
Scanning/Probing (20)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-05 18:05:20
(3 months ago)
Scanning/Probing (13)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-04 03:05:37
(3 months ago)
Scanning/Probing (14)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-03-30 12:05:37
(3 months ago)
Scanning/Probing (15)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-27 12:30:33
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 27 08:30:19.363542 2026] [security2:error] [pid 9785:tid 9899] [client 104.23.211.223:14001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thesardinemenmovie.plumeraproductions.com"] [uri "/config/.env"] [unique_id "acZ4WwsP5zXdCxCMfipaWQAAAZE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-27 07:46:45
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 27 03:46:36.082838 2026] [security2:error] [pid 27071:tid 27071] [client 104.23.211.223:9958] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.thomaschemicals.com"] [uri "/docker/.env"] [unique_id "acY13JWv0lFmi2HGQyIZrgAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-27 01:20:40
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 21:20:28.099804 2026] [security2:error] [pid 32668:tid 32668] [client 104.23.211.223:11627] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.scifitimeline.com"] [uri "/www/.env"] [unique_id "acXbXDX94Oud9l90DmVWUgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 15:27:48
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 11:27:25.133477 2026] [security2:error] [pid 27050:tid 27050] [client 104.23.211.223:10509] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||clients.g-h2o.com|F|2"] [data ".env.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "clients.g-h2o.com"] [uri "/.env.old"] [unique_id "acVQXfcdb-U4R-hV4-nKZQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-26 14:32:28
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 10:32:11.957923 2026] [security2:error] [pid 1056:tid 1077] [client 104.23.211.223:10140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.hkyiquan.org"] [uri "/.env.development"] [unique_id "acVDa3r917N0VF5UR4SYAQAAAUQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-25 20:23:11
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 16:22:59.348087 2026] [security2:error] [pid 32444:tid 32444] [client 104.23.211.223:11291] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "base86com.epetsure.co"] [uri "/.env_secret"] [unique_id "acREIzQCEcLESIxdPEx75QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-25 18:30:58
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 14:30:52.158309 2026] [security2:error] [pid 29350:tid 29350] [client 104.23.211.223:12060] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.medusakenya.com.illumoonatedtarot.com"] [uri "/public/.env"] [unique_id "acQp3L46NV5a2iUXFOz8vAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-25 05:44:32
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.211.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 01:44:26.901898 2026] [security2:error] [pid 30133:tid 30133] [client 104.23.211.223:14220] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwightbrown.com.casagrotto.com"] [uri "/.env.staging"] [unique_id "acN2OgblEBl69GgozvW2pAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack