๐บ๐ธ
TPI-Abuse
2026-07-13 02:18:46
(2 days ago)
(mod_security) mod_security (id:949110) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 22:18:39.026457 2026] [security2:error] [pid 1050:tid 1050] [client 104.23.239.140:9577] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "akistech.com"] [uri "/.env.test"] [unique_id "alRK_38uB7dRfvKvM8hNZwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-07-09 21:37:33
(5 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
Anonymous
2026-06-28 21:54:43
(2 weeks ago)
Repeated unauthorized connection attempts to restricted service observed.
Port Scan
Hacking
Bad Web Bot
Web App Attack
๐ซ๐ฎ
Erpelstolz
2026-06-28 20:04:00
(2 weeks ago)
external host: 104.23.239.140 - - [28/Jun/2026:22:04:00 +0200] "GET /wp-admin/install.php?step=1 HTT ...
show more
external host: 104.23.239.140 - - [28/Jun/2026:22:04:00 +0200] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 325 "-" "http://erpelstolz.com/wp-admin/install.php?step=1" CF-Ray:a12f4c4ceaf4f2c0-FRA CF-IP:-
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-20 23:34:53
(3 weeks ago)
104.23.239.140 - - [21/Jun/2026:02:31:11 +0300] "GET /wp-content/mu-plugins/ HTTP/1.1" 404 768 "-" " ...
show more
104.23.239.140 - - [21/Jun/2026:02:31:11 +0300] "GET /wp-content/mu-plugins/ HTTP/1.1" 404 768 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
104.23.239.140 - - [21/Jun/2026:02:34:52 +0300] "GET /wp-admin/css/ HTTP/1.1" 404 768 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
Web App Attack
๐ท๐บ
DZBOT
2026-06-14 11:17:24
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ซ๐ฎ
inlink.ltd
2026-06-11 04:59:13
(1 month ago)
Known malicious PHP file or CMS probe
Web App Attack
๐ซ๐ฎ
nNordic
2026-06-09 10:22:01
(1 month ago)
Connection attempt blocked by IDS/IPS from 104.23.239.140/32
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-06 17:38:06
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 13:38:03.718439 2026] [security2:error] [pid 22088:tid 22088] [client 104.23.239.140:10765] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mentalmolecule.org"] [uri "/.git/config"] [unique_id "aiRa-3qLIJcVYfqXk0kSWQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-04 03:45:08
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:45:02.955486 2026] [security2:error] [pid 10419:tid 10429] [client 104.23.239.140:10533] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vavryn.net"] [uri "/.git/config"] [unique_id "aiD0vrl81E6GtYsJdkwNIQAAAUc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 19:01:12
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:01:05.359063 2026] [security2:error] [pid 6180:tid 6180] [client 104.23.239.140:9218] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "multimediaperformances.com"] [uri "/.git/config"] [unique_id "ah8ocaShrBlYdk3Vs672bQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 12:54:39
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.239.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 08:54:35.273911 2026] [security2:error] [pid 24373:tid 24373] [client 104.23.239.140:10455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "infinite-e.com"] [uri "/.git/config"] [unique_id "ah7Si8VlxiODXxigO3PUGwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-06-02 09:06:58
(1 month ago)
Abuse Detected (1)
Brute-Force
Web App Attack
๐ซ๐ฎ
Erpelstolz
2026-05-22 02:53:58
(1 month ago)
external host: 104.23.239.140 - - [22/May/2026:04:53:57 +0200] "GET /wp-admin/install.php?step=1 HTT ...
show more
external host: 104.23.239.140 - - [22/May/2026:04:53:57 +0200] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 599 "-" "http://erpelstolz.com/wp-admin/install.php?step=1"
show less
Web App Attack
Anonymous
2026-05-21 02:52:40
(1 month ago)
(caddyscan) Scanner path probe from 104.23.239.140 (DE/Germany/-): 5 in the last 3600 secs; Ports: * ...
show more
(caddyscan) Scanner path probe from 104.23.239.140 (DE/Germany/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 104.23.239.140 - - [21/May/2026:02:41:05 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.239.140 - - [21/May/2026:02:48:55 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.239.140 - - [21/May/2026:02:49:11 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.239.140 - - [21/May/2026:02:49:29 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.239.140 - - [21/May/2026:02:52:34 +0000] "GET /.git/config HTTP/1.1"
show less
Port Scan