๐บ๐ธ
mawan
2026-07-12 17:03:10
(18 hours ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐บ๐ธ
mawan
2026-07-10 23:57:53
(2 days ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ฌ๐ง
sandra361
2026-05-25 18:43:02
(1 month ago)
Port scan detected: 7 attempts across 1 ports (443). | Evidence: GHOST_SCAN:IN=enp1s0 OUT= SRC=104.2 ...
show more
Port scan detected: 7 attempts across 1 ports (443). | Evidence: GHOST_SCAN:IN=enp1s0 OUT= SRC=104.23.213.144 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=34220 DF PROTO=TCP SPT=13747 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
show less
Port Scan
๐ณ๐ฑ
homeshowdomain.nl
2026-05-14 22:06:01
(1 month ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-13.
show less
Web App Attack
SSH
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-09 17:45:34
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 13:45:28.022157 2026] [security2:error] [pid 1313:tid 1313] [client 104.23.213.144:13877] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "misterflores.com"] [uri "/.git/config"] [unique_id "af9yuNfAemS0ViqqaA3p6wAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-04-07 17:05:25
(3 months ago)
Scanning/Probing (21)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-06 16:05:17
(3 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-04-05 03:05:22
(3 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-04-04 08:29:04
(3 months ago)
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-mnz6-7)
Hacking
Web App Attack
๐บ๐ธ
mnsf
2026-03-29 22:05:19
(3 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-29 19:49:33
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 15:49:27.804484 2026] [security2:error] [pid 14856:tid 14856] [client 104.23.213.144:13644] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.nessmonsters.com"] [uri "/admin/.env"] [unique_id "acmCR1uOyyu6aMw0vLL_IwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-29 19:33:03
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 15:32:55.846860 2026] [security2:error] [pid 20564:tid 20564] [client 104.23.213.144:12606] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.wwts.io"] [uri "/.env"] [unique_id "acl-Z8zE1_OcWjkc5UO2vgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-29 19:17:12
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 15:17:08.859212 2026] [security2:error] [pid 7614:tid 7614] [client 104.23.213.144:14058] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.jemsfood.com"] [uri "/var/www/.env"] [unique_id "acl6tNrHsZl39Zf7fdXyWAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-29 17:53:47
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 13:53:39.534295 2026] [security2:error] [pid 660:tid 660] [client 104.23.213.144:10257] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "noreservationslocations.com"] [uri "/.env.local.backup"] [unique_id "aclnI0tXYc6111dJe8zx3wAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-27 13:04:04
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.213.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 27 09:03:57.668449 2026] [security2:error] [pid 5755:tid 5755] [client 104.23.213.144:12216] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.swetzer.net"] [uri "/.env.staging"] [unique_id "acaAPTHa-3SpN9nPwqFZTQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack