๐บ๐ธ
TPI-Abuse
2026-07-16 14:58:41
(12 hours ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 10:58:36.851212 2026] [security2:error] [pid 12858:tid 12858] [client 104.28.161.4:53777] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||reyadecostarica.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "reyadecostarica.com"] [uri "/"] [unique_id "aljxnOGgQrkdzeZ_NGslJgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 14:38:31
(12 hours ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 10:38:26.401203 2026] [security2:error] [pid 23195:tid 23266] [client 104.28.161.4:55284] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.victorchiarizia.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.victorchiarizia.com"] [uri "/"] [unique_id "aljs4jHzKeRrJy2BGbgKbQAAAg8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 14:11:58
(13 hours ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 10:11:53.462519 2026] [security2:error] [pid 1169:tid 1169] [client 104.28.161.4:53544] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||gsrsv.org|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "gsrsv.org"] [uri "/"] [unique_id "aljmqZ_WfeJv73aVDrpVpgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 21:42:14
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 17:42:09.022212 2026] [security2:error] [pid 464:tid 464] [client 104.28.161.4:62682] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||ypsisda.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "ypsisda.net"] [uri "/"] [unique_id "alf-sfpWuJDSEFCd4qCN6QAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 14:33:03
(2 days ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 10:32:56.966525 2026] [security2:error] [pid 9880:tid 9880] [client 104.28.161.4:48618] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||patrickodougherty.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "patrickodougherty.com"] [uri "/"] [unique_id "alZImBN_NCcVEvxFOM29KwAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 14:07:29
(2 days ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 10:07:22.693710 2026] [security2:error] [pid 14231:tid 14231] [client 104.28.161.4:47695] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||esad.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "esad.com"] [uri "/"] [unique_id "alZCmn3n4ekyE2xagohk8QAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 05:33:53
(2 days ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:33:49.734802 2026] [security2:error] [pid 25569:tid 25569] [client 104.28.161.4:47577] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||troop9weymouth.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "troop9weymouth.com"] [uri "/"] [unique_id "alXKPfVxjTDSRuBUXlj2TwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 05:15:57
(2 days ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:15:54.589020 2026] [security2:error] [pid 15223:tid 15223] [client 104.28.161.4:46140] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||performingartsguild.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "performingartsguild.com"] [uri "/"] [unique_id "alXGCooWUU-q3aLtdnmojQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 04:55:00
(2 days ago)
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210350) triggered by 104.28.161.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 00:54:52.439940 2026] [security2:error] [pid 21470:tid 21470] [client 104.28.161.4:45431] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||hendersonsign.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "hendersonsign.com"] [uri "/"] [unique_id "alXBHLrQ1sDYETFVkFtBYgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
xmission.com
2026-06-15 17:51:51
(1 month ago)
Blocked by UFW (TCP on 123)
Source port: 35931
TTL: 57
Packet length: 60
TOS: 0x00
This report (for ...
show more
Blocked by UFW (TCP on 123)
Source port: 35931
TTL: 57
Packet length: 60
TOS: 0x00
This report (for 104.28.161.4) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐จ๐ฟ
Honzas
2026-05-25 13:03:01
(1 month ago)
Brute Force SMTP AUTH Attack
Brute-Force
๐บ๐ธ
xmission.com
2026-05-12 09:31:30
(2 months ago)
Blocked by UFW (TCP on 123)
Source port: 39660
TTL: 49
Packet length: 60
TOS: 0x08
This report (for ...
show more
Blocked by UFW (TCP on 123)
Source port: 39660
TTL: 49
Packet length: 60
TOS: 0x08
This report (for 104.28.161.4) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐บ๐ธ
xmission.com
2026-05-09 17:57:50
(2 months ago)
Blocked by UFW (TCP on 123)
Source port: 58002
TTL: 49
Packet length: 60
TOS: 0x08
This report (for ...
show more
Blocked by UFW (TCP on 123)
Source port: 58002
TTL: 49
Packet length: 60
TOS: 0x08
This report (for 104.28.161.4) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐ฌ๐ง
openstrike.co.uk
2026-05-02 09:20:22
(2 months ago)
8 packets to port 465
Brute-Force
๐ฎ๐ฉ
xveil
2026-05-01 00:39:46
(2 months ago)
2026-05-01T07:39:44.115021 mail-honeypot postfix/submission/smtpd[7849]: warning: unknown[104.28.161 ...
show more
2026-05-01T07:39:44.115021 mail-honeypot postfix/submission/smtpd[7849]: warning: unknown[104.28.161.4]: SASL PLAIN authentication failed: authentication failure
...
show less
Brute-Force