๐ซ๐ฎ
Erpelstolz
2026-07-09 06:38:44
(3 hours ago)
external host: 104.23.223.103 - - [09/Jul/2026:08:38:44 +0200] "GET /wp-admin/install.php?step=1 HTT ...
show more
external host: 104.23.223.103 - - [09/Jul/2026:08:38:44 +0200] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 325 "-" "http://erpelstolz.com/wp-admin/install.php?step=1" CF-Ray:a18553d6de7d1e3a-ARN CF-IP:-
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 06:38:01
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 02:37:55.112090 2026] [security2:error] [pid 1310:tid 1310] [client 104.23.223.103:9231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wisdomwfo.com"] [uri "/.git/config"] [unique_id "akYHQyx4aUIDmTdjRGQj-QAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
SMi-Web
2026-06-27 01:43:21
(1 week ago)
Blocked by firewall on hugin [2087/tcp] | Rule: UFW | SPT: 12009 | TTL: 56 | LEN: 60 | TOS: 0x00 โข R ...
show more
Blocked by firewall on hugin [2087/tcp] | Rule: UFW | SPT: 12009 | TTL: 56 | LEN: 60 | TOS: 0x00 โข Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐ท๐บ
DZBOT
2026-06-21 00:40:14
(2 weeks ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-17 12:22:51
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 08:22:47.743405 2026] [security2:error] [pid 734:tid 758] [client 104.23.223.103:13694] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eafm.org.aafm.us"] [uri "/.git/config"] [unique_id "ajKRl4AnmcDMG0dVYiWxhQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TNZ
2026-06-17 08:55:03
(3 weeks ago)
Automated honeypot: waf:RFI-001 | Path: /wp-admin/install.php | ISP: AS13335 Cloudflare, Inc. | ASN: ...
show more
Automated honeypot: waf:RFI-001 | Path: /wp-admin/install.php | ISP: AS13335 Cloudflare, Inc. | ASN: AS13335 Cloudflare, Inc. [PROXY] | Abuse score: 0 | Open ports: [] | UA: http://getkovamail.com/wp-admin/install.php?step=1
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 18:09:12
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 14:09:04.643787 2026] [security2:error] [pid 19479:tid 19479] [client 104.23.223.103:12254] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "janeeyrecollection.com"] [uri "/.git/config"] [unique_id "ajGRQONfMKAHna2JUm89_wAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
tecnoacquisti.com
2026-06-12 22:47:00
(3 weeks ago)
PrestaShop Security Module: Calls WordPress paths probing known vulnerabilities
Web App Attack
๐ซ๐ฎ
habs
2026-06-10 05:08:40
(4 weeks ago)
104.23.223.103 - - [10/Jun/2026:08:08:39 +0300] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 162 ...
show more
104.23.223.103 - - [10/Jun/2026:08:08:39 +0300] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 162 "-" "http://koiranpeti.eu/wp-admin/install.php?step=1"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-09 02:27:47
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 22:27:40.203333 2026] [security2:error] [pid 5513:tid 5513] [client 104.23.223.103:11549] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hotdamnsam.onlyincanada-eh.com"] [uri "/.git/config"] [unique_id "aid6HEFj9IXg-XKG06AE1AAAAIk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
abdubhai
2026-06-09 02:25:08
(1 month ago)
104.23.223.103 - - [09/Jun/2026:
...
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-09 01:54:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 21:54:30.988479 2026] [security2:error] [pid 3667:tid 3667] [client 104.23.223.103:12018] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richardpetersbooks.easyweb-publishing.com"] [uri "/.git/config"] [unique_id "aidyVp5pU1gMxXQU2xSmggAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 17:15:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 13:15:33.586779 2026] [security2:error] [pid 21526:tid 21526] [client 104.23.223.103:12587] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "slcflyers.com.rollinchassis.com"] [uri "/.git/config"] [unique_id "aib4tUFava2arWZ66n4XmAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-05-26 12:27:46
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-25 06:51:28
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.223.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 02:51:20.956965 2026] [security2:error] [pid 11519:tid 11519] [client 104.23.223.103:12558] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.merlinaerospace.com"] [uri "/.git/config"] [unique_id "ahPxaJPwoVa3xJgVoOLW5QAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack