itsnixk - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User itsnixk joined AbuseIPDB in April 2026 and has reported 3,150 IP addresses.

Standing (weight) is good.

ACTIVE USER WEBMASTER

IP	Date	Comment	Categories
🇨🇭 209.99.188.240	1 minute ago	(mod_security) mod_security (id:920350) triggered by 209.99.188.240 (US/United States/-): 1 in the l ... show more (mod_security) mod_security (id:920350) triggered by 209.99.188.240 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 20:55:56.331860 2026] [security2:error] [pid 1425377:tid 1425482] [client 209.99.188.240:40734] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh"] [unique_id "aiIenMLjYHBKJXpdsW4knQAAABY"] show less	Port Scan
🇺🇸 66.132.224.93	5 minutes ago	(mod_security) mod_security (id:920350) triggered by 66.132.224.93 (US/United States/93.224.132.66.c ... show more (mod_security) mod_security (id:920350) triggered by 66.132.224.93 (US/United States/93.224.132.66.censys-scanner.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 20:52:36.302709 2026] [security2:error] [pid 1425377:tid 1425465] [client 66.132.224.93:51558] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiId1MLjYHBKJXpdsW4kSAAAAAU"] show less	Port Scan
🇺🇸 205.210.31.47	28 minutes ago	(mod_security) mod_security (id:920280) triggered by 205.210.31.47 (US/United States/-): 1 in the la ... show more (mod_security) mod_security (id:920280) triggered by 205.210.31.47 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 20:29:22.693945 2026] [security2:error] [pid 1425377:tid 1425470] [client 205.210.31.47:55646] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "567"] [id "920280"] [msg "Request Missing a Host Header"] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiIYYsLjYHBKJXpdsW4gxgAAAAo"] show less	Port Scan
🇧🇷 205.210.31.180	34 minutes ago	(mod_security) mod_security (id:920350) triggered by 205.210.31.180 (US/United States/-): 1 in the l ... show more (mod_security) mod_security (id:920350) triggered by 205.210.31.180 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 20:23:27.071031 2026] [security2:error] [pid 1425377:tid 1425474] [client 205.210.31.180:64206] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiIW_8LjYHBKJXpdsW4gKQAAAA4"] show less	Port Scan
🇸🇬 178.128.95.222	1 hour ago	(mod_security) mod_security (id:913100) triggered by 178.128.95.222 (SG/Singapore/-): 1 in the last ... show more (mod_security) mod_security (id:913100) triggered by 178.128.95.222 (SG/Singapore/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 19:40:49.690180 2026] [security2:error] [pid 1425377:tid 1425495] [client 178.128.95.222:54918] ModSecurity: Access denied with code 406 (phase 1). Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity.d/REQUEST-913-SCANNER-DETECTION.conf"] [line "56"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/SCANNER-DETECTION"] [tag "capec/1000/118/224/541/310"] [redacted] [uri "/"] [unique_id "aiINAcLjYHBKJXpdsW4bGQAAACM"] show less	Port Scan
🇩🇪 162.62.213.187	1 hour ago	(mod_security) mod_security (id:920210) triggered by 162.62.213.187 (DE/Germany/-): 1 in the last 36 ... show more (mod_security) mod_security (id:920210) triggered by 162.62.213.187 (DE/Germany/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 19:12:24.547702 2026] [security2:error] [pid 1417114:tid 1417236] [client 162.62.213.187:40786] ModSecurity: Access denied with code 406 (phase 1). Pattern match "\\\\b(?:keep-alive\|close),\\\\s?(?:keep-alive\|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "403"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiIGWH6wBjil-YQPqebDHgAAAGc"] show less	Port Scan
🇳🇱 185.93.89.130	2 hours ago	(mod_security) mod_security (id:920350) triggered by 185.93.89.130 (NL/The Netherlands/-): 1 in the ... show more (mod_security) mod_security (id:920350) triggered by 185.93.89.130 (NL/The Netherlands/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 18:14:32.598090 2026] [security2:error] [pid 1417114:tid 1417250] [client 185.93.89.130:33058] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/sendgrid.env"] [unique_id "aiH4yH6wBjil-YQPqea6GwAAAHU"] show less	Port Scan
🇺🇸 205.210.31.94	2 hours ago	(mod_security) mod_security (id:920350) triggered by 205.210.31.94 (US/United States/-): 1 in the la ... show more (mod_security) mod_security (id:920350) triggered by 205.210.31.94 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 18:07:01.216637 2026] [security2:error] [pid 1417114:tid 1417197] [client 205.210.31.94:59756] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiH3BX6wBjil-YQPqea5EwAAAEA"] show less	Port Scan
🇺🇸 34.24.108.243	2 hours ago	(mod_security) mod_security (id:920350) triggered by 34.24.108.243 (US/United States/243.108.24.34.b ... show more (mod_security) mod_security (id:920350) triggered by 34.24.108.243 (US/United States/243.108.24.34.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 18:00:45.567144 2026] [security2:error] [pid 1417114:tid 1417207] [client 34.24.108.243:58014] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/actuator/heapdump"] [unique_id "aiH1jX6wBjil-YQPqea3GwAAAEo"] show less	Port Scan
🇺🇸 66.132.195.73	3 hours ago	(mod_security) mod_security (id:920350) triggered by 66.132.195.73 (US/United States/73.195.132.66.c ... show more (mod_security) mod_security (id:920350) triggered by 66.132.195.73 (US/United States/73.195.132.66.censys-scanner.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 17:54:00.279308 2026] [security2:error] [pid 1417114:tid 1417215] [client 66.132.195.73:5724] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiHz-H6wBjil-YQPqea2UgAAAFI"] show less	Port Scan
🇺🇸 8.230.125.195	3 hours ago	(mod_security) mod_security (id:930130) triggered by 8.230.125.195 (US/United States/195.125.230.8.b ... show more (mod_security) mod_security (id:930130) triggered by 8.230.125.195 (US/United States/195.125.230.8.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 17:43:39.159570 2026] [security2:error] [pid 1417114:tid 1417200] [client 8.230.125.195:51400] ModSecurity: Access denied with code 406 (phase 1). Matched phrase ".aws/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "150"] [id "930130"] [msg "Restricted File Access Attempt"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/.aws/credentials"] [unique_id "aiHxi36wBjil-YQPqeaz1wAAAEM"] show less	Port Scan
🇸🇬 43.159.61.24	3 hours ago	(mod_security) mod_security (id:920210) triggered by 43.159.61.24 (SG/Singapore/-): 1 in the last 36 ... show more (mod_security) mod_security (id:920210) triggered by 43.159.61.24 (SG/Singapore/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 16:58:44.418219 2026] [security2:error] [pid 1417114:tid 1417243] [client 43.159.61.24:33306] ModSecurity: Access denied with code 406 (phase 1). Pattern match "\\\\b(?:keep-alive\|close),\\\\s?(?:keep-alive\|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "403"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiHnBH6wBjil-YQPqeatVQAAAG4"] show less	Port Scan
🇳🇱 5.255.125.179	4 hours ago	(mod_security) mod_security (id:930130) triggered by 5.255.125.179 (NL/The Netherlands/-): 1 in the ... show more (mod_security) mod_security (id:930130) triggered by 5.255.125.179 (NL/The Netherlands/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 16:52:27.272318 2026] [security2:error] [pid 1417114:tid 1417258] [client 5.255.125.179:0] ModSecurity: Access denied with code 406 (phase 1). Matched phrase ".yarnrc" at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "150"] [id "930130"] [msg "Restricted File Access Attempt"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/.yarnrc"] [unique_id "aiHli36wBjil-YQPqeasQwAAAH0"] show less	Port Scan
🇬🇧 118.26.104.78	4 hours ago	(eximsyntax) Exim syntax errors from 118.26.104.78 (GB/United Kingdom/-): 1 in the last 3600 secs; P ... show more (eximsyntax) Exim syntax errors from 118.26.104.78 (GB/United Kingdom/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2026-06-04 16:22:41 SMTP call from [118.26.104.78] dropped: too many syntax or protocol errors (last command was "À\024???/?5À\022\023\003\023\001\023\002\001??{?\005?\005\001?????", NULL) show less	Port Scan
🇸🇬 203.127.89.193	5 hours ago	(mod_security) mod_security (id:920350) triggered by 203.127.89.193 (SG/Singapore/-): 1 in the last ... show more (mod_security) mod_security (id:920350) triggered by 203.127.89.193 (SG/Singapore/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 15:50:26.618997 2026] [security2:error] [pid 1417114:tid 1417247] [client 203.127.89.193:57461] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/admin/login.asp"] [unique_id "aiHXAn6wBjil-YQPqeaj-QAAAHI"] show less	Port Scan
🇸🇬 203.116.36.91	5 hours ago	(mod_security) mod_security (id:920350) triggered by 203.116.36.91 (SG/Singapore/203.116.36-91.unkno ... show more (mod_security) mod_security (id:920350) triggered by 203.116.36.91 (SG/Singapore/203.116.36-91.unknown.starhub.net.sg): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 15:50:25.201489 2026] [security2:error] [pid 1417114:tid 1417240] [client 203.116.36.91:58363] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/admin/login.asp"] [unique_id "aiHXAX6wBjil-YQPqeaj9wAAAGs"] show less	Port Scan
🇺🇸 16.148.37.209	5 hours ago	(mod_security) mod_security (id:920350) triggered by 16.148.37.209 (US/United States/ec2-16-148-37-2 ... show more (mod_security) mod_security (id:920350) triggered by 16.148.37.209 (US/United States/ec2-16-148-37-209.us-west-2.compute.amazonaws.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 15:50:22.254891 2026] [security2:error] [pid 1417114:tid 1417252] [client 16.148.37.209:28048] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/admin/login.asp"] [unique_id "aiHW_n6wBjil-YQPqeaj9gAAAHc"] show less	Port Scan
🇳🇱 176.65.139.126	5 hours ago	(mod_security) mod_security (id:920350) triggered by 176.65.139.126 (NL/The Netherlands/-): 1 in the ... show more (mod_security) mod_security (id:920350) triggered by 176.65.139.126 (NL/The Netherlands/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 15:44:59.671446 2026] [security2:error] [pid 1417114:tid 1417208] [client 176.65.139.126:44238] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/boaform/admin/formLogin"] [unique_id "aiHVu36wBjil-YQPqeajMQAAAEs"], referer: http://198.74.58.201:80/admin/login.asp show less	Port Scan
🇵🇰 137.59.230.79	5 hours ago	(mod_security) mod_security (id:920280) triggered by 137.59.230.79 (PK/Pakistan/-): 1 in the last 36 ... show more (mod_security) mod_security (id:920280) triggered by 137.59.230.79 (PK/Pakistan/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 15:30:53.516972 2026] [security2:error] [pid 1417114:tid 1417258] [client 137.59.230.79:58173] ModSecurity: Access denied with code 406 (phase 1). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "567"] [id "920280"] [msg "Request Missing a Host Header"] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/boaform/admin/formLogin"] [unique_id "aiHSbX6wBjil-YQPqeahLQAAAH0"] show less	Port Scan
🇬🇧 87.236.176.192	5 hours ago	(mod_security) mod_security (id:920350) triggered by 87.236.176.192 (GB/United Kingdom/r3-192-c0.mon ... show more (mod_security) mod_security (id:920350) triggered by 87.236.176.192 (GB/United Kingdom/r3-192-c0.monitoring.internet-measurement.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 15:28:08.236638 2026] [security2:error] [pid 1417114:tid 1417242] [client 87.236.176.192:39019] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "aiHRyH6wBjil-YQPqeagxgAAAG0"] show less	Port Scan
🇰🇷 101.36.114.209	6 hours ago	(eximsyntax) Exim syntax errors from 101.36.114.209 (KR/South Korea/-): 1 in the last 3600 secs; Por ... show more (eximsyntax) Exim syntax errors from 101.36.114.209 (KR/South Korea/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2026-06-04 14:42:14 SMTP call from [101.36.114.209] dropped: too many syntax or protocol errors (last command was "?", NULL) show less	Port Scan
🇺🇸 165.154.182.72	6 hours ago	(ftpd) Failed FTP login from 165.154.182.72 (US/United States/mail.biggraph.cn): 1 in the last 3600 ... show more (ftpd) Failed FTP login from 165.154.182.72 (US/United States/mail.biggraph.cn): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Jun 4 14:26:00 web pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [anonymous] show less	Port Scan
🇺🇸 40.124.175.75	6 hours ago	(mod_security) mod_security (id:913100) triggered by 40.124.175.75 (US/United States/azpdsgdrda22.st ... show more (mod_security) mod_security (id:913100) triggered by 40.124.175.75 (US/United States/azpdsgdrda22.stretchoid.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 14:21:29.712907 2026] [security2:error] [pid 1408986:tid 1409083] [client 40.124.175.75:48148] ModSecurity: Access denied with code 406 (phase 1). Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity.d/REQUEST-913-SCANNER-DETECTION.conf"] [line "56"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/SCANNER-DETECTION"] [tag "capec/1000/118/224/541/310"] [redacted] [uri "/developmentserver/metadatauploader"] [unique_id "aiHCKfJDyG8nl3yxzJeBmgAAAA4"] show less	Port Scan
🇨🇦 34.130.138.37	8 hours ago	(mod_security) mod_security (id:920350) triggered by 34.130.138.37 (CA/Canada/37.138.130.34.bc.googl ... show more (mod_security) mod_security (id:920350) triggered by 34.130.138.37 (CA/Canada/37.138.130.34.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 12:55:40.290449 2026] [security2:error] [pid 1408986:tid 1409070] [client 34.130.138.37:32862] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/.env.prod.bak"] [unique_id "aiGuDPJDyG8nl3yxzJd0BAAAAAE"] show less	Port Scan
🇪🇸 34.175.60.198	8 hours ago	(mod_security) mod_security (id:920350) triggered by 34.175.60.198 (198.60.175.34.bc.googleuserconte ... show more (mod_security) mod_security (id:920350) triggered by 34.175.60.198 (198.60.175.34.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 04 12:47:38.595428 2026] [security2:error] [pid 1408986:tid 1409105] [client 34.175.60.198:57224] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/wp-json/gravitysmtp/v1/tests/mock-data"] [unique_id "aiGsKvJDyG8nl3yxzJdywwAAACQ"] show less	Port Scan