๐จ๐ญ
backslash
2026-07-02 08:06:10
(1 day ago)
block ruleset bad bot: misc bad content F608233CC4C86EE814CE8DDDA9C4A0D3C79882F6
Bad Web Bot
๐ฌ๐ง
OptimusGO
2026-06-25 10:49:59
(1 week ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-06-25 11:49:59 UTC
Log evidence:
104.23.229.2 - - [25/Jun/2026:11:49:58 +0100] "GET /chunk-B2FODB4I.js HTTP/1.1" 404 118 "-" "curl/8.7.1"
06/25/2026-11:49:58.344146 [**] [1:1000201:1] SCANNER: Bot-like User-Agent Detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 104.23.229.2:13010 -> 185.127.18.66:80
show less
Port Scan
Brute-Force
๐บ๐ธ
mawan
2026-06-23 12:53:43
(1 week ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ฆ๐ฑ
router.al
2026-06-21 19:43:19
(1 week ago)
06/21/2026-19:43:19.326227 104.23.229.2 Protocol: 6 ET WEB_SPECIFIC_APPS Wordpress LiteSpeed Cache P ...
show more
06/21/2026-19:43:19.326227 104.23.229.2 Protocol: 6 ET WEB_SPECIFIC_APPS Wordpress LiteSpeed Cache Plugin debug.log Access Attempt (CVE-2024-44000)
show less
Hacking
๐บ๐ธ
mnsf
2026-06-16 05:05:52
(2 weeks ago)
Abuse Detected (1)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 17:41:13
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 104.23.229.2 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.229.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 13:41:09.422892 2026] [security2:error] [pid 20884:tid 20884] [client 104.23.229.2:11608] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cloud.tidarat.com"] [uri "/.git/config"] [unique_id "aib-tSzht7pEb4v0jYa8zwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐ฑ
router.al
2026-06-06 08:09:40
(3 weeks ago)
06/06/2026-08:09:40.482456 104.23.229.2 Protocol: 6 ET WEB_SPECIFIC_APPS WordPress Plugin Gravity SM ...
show more
06/06/2026-08:09:40.482456 104.23.229.2 Protocol: 6 ET WEB_SPECIFIC_APPS WordPress Plugin Gravity SMTP Unauthenticated REST API (CVE-2026-4020)
show less
Hacking
๐ฆ๐ฑ
router.al
2026-05-16 16:54:39
(1 month ago)
05/16/2026-16:54:39.364785 104.23.229.2 Protocol: 6 ET SCAN WordPress Scanner Performing Multiple Re ...
show more
05/16/2026-16:54:39.364785 104.23.229.2 Protocol: 6 ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML
show less
Hacking
๐ฉ๐ช
acadeova
2026-05-01 12:01:50
(2 months ago)
๐จ Recon detected (nft drop)
SRC=104.23.229.2
Observed=TCP dpt=80 in=enp0s6 ttl=58
Time=recent(journa ...
show more
๐จ Recon detected (nft drop)
SRC=104.23.229.2
Observed=TCP dpt=80 in=enp0s6 ttl=58
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
๐ฉ๐ช
Sรฉfora Srl
2026-04-04 21:01:00
(2 months ago)
Failed attempt detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
๐ต๐ฑ
SwiftServer
2026-03-26 02:15:36
(3 months ago)
104.23.229.2 - - [26/Mar/2026:04:15:30 +0200] "GET /.env.development HTTP/1.1" 403 195 "-" "Mozilla/ ...
show more
104.23.229.2 - - [26/Mar/2026:04:15:30 +0200] "GET /.env.development HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.229.2 - - [26/Mar/2026:04:15:30 +0200] "GET /.env.test HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.229.2 - - [26/Mar/2026:04:15:31 +0200] "GET /.env.template HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.229.2 - - [26/Mar/2026:04:15:33 +0200] "GET /new/.env HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (K
...
show less
Brute-Force
Web App Attack
๐ต๐ฑ
SwiftServer
2026-03-24 18:09:20
(3 months ago)
104.23.229.2 - - [24/Mar/2026:20:09:19 +0200] "GET /.git/description HTTP/1.1" 403 134 "-" "curl/8.7 ...
show more
104.23.229.2 - - [24/Mar/2026:20:09:19 +0200] "GET /.git/description HTTP/1.1" 403 134 "-" "curl/8.7.1"
104.23.229.2 - - [24/Mar/2026:20:09:19 +0200] "GET /.git/FETCH_HEAD HTTP/1.1" 403 134 "-" "curl/8.7.1"
104.23.229.2 - - [24/Mar/2026:20:09:19 +0200] "GET /.git/ORIG_HEAD HTTP/1.1" 403 134 "-" "curl/8.7.1"
104.23.229.2 - - [24/Mar/2026:20:09:19 +0200] "GET /.github HTTP/1.1" 403 134 "-" "curl/8.7.1"
104.23.229.2 - - [24/Mar/2026:20:09:20 +0200] "GET /.github/workflows HTTP/1.1" 403 134 "-" "curl/8.7.1"
...
show less
Brute-Force
Web App Attack
๐ต๐ฑ
SwiftServer
2026-03-21 23:54:21
(3 months ago)
104.23.229.2 - - [22/Mar/2026:01:45:03 +0200] "GET /.env.production HTTP/1.1" 403 195 "-" "Mozilla/5 ...
show more
104.23.229.2 - - [22/Mar/2026:01:45:03 +0200] "GET /.env.production HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.229.2 - - [22/Mar/2026:01:52:15 +0200] "GET /tmp/.env HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.229.2 - - [22/Mar/2026:01:52:17 +0200] "GET /public/.env HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
104.23.229.2 - - [22/Mar/2026:01:52:19 +0200] "GET /portal/.env HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH
...
show less
Brute-Force
Web App Attack
๐ฎ๐ฉ
gonet.home
2026-03-21 04:05:07
(3 months ago)
Security Event Detected by SOC Gonet: event=alert, hits=3
Brute-Force
๐บ๐ธ
mnsf
2026-03-21 00:21:02
(3 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack