Anonymous
2026-07-09 14:04:22
(18 hours ago)
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: Word ...
show more
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: WordPress scanning, Webshell probing, Cloud secrets probing
show less
Bad Web Bot
Web App Attack
π³π±
homeshowdomain.nl
2026-07-08 22:01:53
(1 day ago)
Auto-ban: >3000 req/min op 2026-07-08
Web App Attack
SSH
Hacking
π¨π¦
polycoda
2026-07-08 18:16:23
(1 day ago)
AutoBlock: π― Vulnerability Scanner (Non Decay-Based) - β Excessive 40X Errors (Decay-Based)
Hacking
Bad Web Bot
Web App Attack
π©πͺ
Ba-Yu
2026-07-08 18:11:28
(1 day ago)
WordPress hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
π©πͺ
Vegascosmetics
2026-07-08 18:03:54
(1 day ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after attack pattern. Vegas Security
Hacking
Web App Attack
π«π·
masterguru
2026-07-08 18:00:09
(1 day ago)
Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-201)
Hacking
πΊπΈ
TPI-Abuse
2026-07-08 17:47:24
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 104.208.91.22 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.208.91.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:47:19.734236 2026] [security2:error] [pid 19631:tid 19631] [client 104.208.91.22:1034] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cfmgroup.us"] [uri "/wp-config.php"] [unique_id "ak6NJwG6EZ_iFIutgenCpgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 17:25:28
(1 day ago)
(mod_security) mod_security (id:949110) triggered by 104.208.91.22 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:949110) triggered by 104.208.91.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:25:24.762113 2026] [security2:error] [pid 29155:tid 29155] [client 104.208.91.22:12467] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tgtn.cescfoundation.org"] [uri "/wp-config.php"] [unique_id "ak6IBNfnkswlcEJaF1esCQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
Quarks Solutions
2026-07-08 17:22:20
(1 day ago)
crowdsecurity/http-probing
Web App Attack
Hacking
π¬π§
pinguin
2026-07-08 17:19:50
(1 day ago)
Triggered Cloudflare WAF (firewallManaged) from HK.
Action taken: LOG
Protocol: HTTP/1.1 (GET method ...
show more
Triggered Cloudflare WAF (firewallManaged) from HK.
Action taken: LOG
Protocol: HTTP/1.1 (GET method)
Endpoint: /BDKR28
UA: Empty string
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2026-07-08 17:05:07
(1 day ago)
104.208.91.22 - - [08/Jul/2026:19:05:05 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ...
show more
104.208.91.22 - - [08/Jul/2026:19:05:05 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 4350 "-" "-"
104.208.91.22 - - [08/Jul/2026:19:05:05 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 4350 "-" "-"
104.208.91.22 - - [08/Jul/2026:19:05:06 +0200] "GET /index.php/wp-includes/PHPMailer/ HTTP/1.1" 404 4302 "-" "-"
104.208.91.22 - - [08/Jul/2026:19:05:06 +0200] "GET /index.php/wp-includes/PHPMailer/ HTTP/1.1" 404 4302 "-" "-"
104.208.91.22 - - [08/Jul/2026:19:05:06 +0200] "GET /wp-content/uploads/index.php HTTP/1.1" 404 4290 "-" "-"
...
show less
Brute-Force
Web App Attack
π¬π§
consul.to
2026-07-08 17:02:14
(1 day ago)
Web attack/malicious scanning detected
Web App Attack
π«π·
masterguru
2026-07-08 16:37:09
(1 day ago)
Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-197)
Hacking
πΊπΈ
TPI-Abuse
2026-07-08 16:34:22
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 104.208.91.22 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 104.208.91.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:34:15.612849 2026] [security2:error] [pid 12843:tid 12843] [client 104.208.91.22:8826] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.title16.com"] [uri "/wp-config.php"] [unique_id "ak58ByRs-IyCXvvvmFmTNAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-08 14:05:09
(1 day ago)
Blocked: Reason='Vulnerability probing β PHP scan detected (80/60 min)'; Requests=80
Port Scan