๐ซ๐ท
RootOPSOVH
2026-07-07 17:47:23
(1 hour ago)
GET /wp-admin/install.php?step=1 | UA: http://rootops.ovh/wp-admin/install.php?step=1
Web Spam
Bad Web Bot
Web App Attack
๐ฉ๐ช
langenkamp-media
2026-07-07 11:36:28
(8 hours ago)
Fail2Ban: Banned from jail nginx-nohome on 3dausdu.de
Web App Attack
๐ท๐บ
DZBOT
2026-07-06 15:23:35
(1 day ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ซ๐ท
RootOPSOVH
2026-07-06 12:09:41
(1 day ago)
GET /wp-admin/install.php?step=1 | UA: http://rootops.ovh/wp-admin/install.php?step=1
Web Spam
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 12:13:03
(1 week ago)
104.23.221.32 - - [29/Jun/2026:14:12:59 +0200] "GET /dropdown.php HTTP/1.1" 404 124 "-" "-"
104.23.2 ...
show more
104.23.221.32 - - [29/Jun/2026:14:12:59 +0200] "GET /dropdown.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:12:59 +0200] "GET /h02ugyh.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:12:59 +0200] "GET /op.php.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:12:59 +0200] "GET /bob.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:00 +0200] "GET /themes.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:00 +0200] "GET /zc-208.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:00 +0200] "GET /turkshell.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:00 +0200] "GET /cc3.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:00 +0200] "GET /solo1.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:00 +0200] "GET /xpwer1.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [29/Jun/2026:14:13:01 +0200] "GET /aboute.php HTTP/1.1" 404 124 "-" "-"
104.23.221.
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
mawan
2026-06-27 13:47:36
(1 week ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2026-06-25 09:17:50
(1 week ago)
104.23.221.32 - - [25/Jun/2026:11:17:46 +0200] "GET /222.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 ...
show more
104.23.221.32 - - [25/Jun/2026:11:17:46 +0200] "GET /222.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:46 +0200] "GET /pol.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:46 +0200] "GET /15ef5.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:46 +0200] "GET /test.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:46 +0200] "GET /aaa.php?p= HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:47 +0200] "GET /11.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:47 +0200] "GET /mac.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:47 +0200] "GET /sg.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:47 +0200] "GET //shll.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:47 +0200] "GET //aa.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:47 +0200] "GET /by.php HTTP/1.1" 404 124 "-" "-"
104.23.221.32 - - [25/Jun/2026:11:17:4
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 02:06:15
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 22:06:07.633269 2026] [security2:error] [pid 18431:tid 18431] [client 104.23.221.32:10912] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "investlocalinc.socialenterprise.net"] [uri "/.git/config"] [unique_id "ajX1j_YNRLgM_HqSfyvk7gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-06-18 10:13:40
(2 weeks ago)
ipoac.nl:80 104.23.221.32 - - [18/Jun/2026:12:13:39 +0200] - "GET /wp-admin/install.php?step=1 HTTP/ ...
show more
ipoac.nl:80 104.23.221.32 - - [18/Jun/2026:12:13:39 +0200] - "GET /wp-admin/install.php?step=1 HTTP/1.1" 302 955 "-" "http://-/wp-admin/install.php?step=1"
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-13 17:01:59
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 13:01:53.864273 2026] [security2:error] [pid 15947:tid 15947] [client 104.23.221.32:11990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwci.winformation.us"] [uri "/.env.dev"] [unique_id "ai2NAaDcwkgPxRWLDI0nZgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ph
2026-06-11 00:02:46
(3 weeks ago)
Bad web bot attempting to run wp-admin on non-WP site
Hacking
Bad Web Bot
Web App Attack
๐ซ๐ฎ
habs
2026-06-10 23:46:44
(3 weeks ago)
104.23.221.32 - - [11/Jun/2026:02:46:42 +0300] "GET /wp-admin/install.php?step=1 HTTP/2.0" 404 146 " ...
show more
104.23.221.32 - - [11/Jun/2026:02:46:42 +0300] "GET /wp-admin/install.php?step=1 HTTP/2.0" 404 146 "-" "http://koiranpeti.eu/wp-admin/install.php?step=1"
...
show less
Web App Attack
๐ฉ๐ช
Carsten
2026-06-09 13:04:28
(4 weeks ago)
GET [wp-admin/install.php?step=1]
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-09 02:39:09
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 22:39:05.339036 2026] [security2:error] [pid 21653:tid 21653] [client 104.23.221.32:12225] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mainefirst.arsenaultartistmanagement.com"] [uri "/.git/config"] [unique_id "aid8yRLKHB0rFvR28vMYywAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-09 02:11:04
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 22:10:59.425026 2026] [security2:error] [pid 21653:tid 21873] [client 104.23.221.32:12103] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dcmproductionsgroup.104ventures.com"] [uri "/.git/config"] [unique_id "aid2M78vYaIlRI8ewjGKIQAAAcw"]
show less
Brute-Force
Bad Web Bot
Web App Attack