๐ฏ๐ต
S.O.B.A. Dev.
2026-07-11 18:53:21
(2 days ago)
Persistent port scanning or vulnerability scanning
Port Scan
๐ท๐บ
DZBOT
2026-07-11 18:18:13
(2 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ซ๐ฎ
Erpelstolz
2026-07-06 22:34:30
(1 week ago)
external host: 104.23.221.219 - - [07/Jul/2026:00:34:28 +0200] "GET /wp-admin/install.php?step=1 HTT ...
show more
external host: 104.23.221.219 - - [07/Jul/2026:00:34:28 +0200] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 325 "-" "http://erpelstolz.com/wp-admin/install.php?step=1" CF-Ray:a17213bab90bddf7-ARN CF-IP:-
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 16:09:47
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 12:09:42.347261 2026] [security2:error] [pid 2124:tid 2124] [client 104.23.221.219:12167] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mdivietnam.com"] [uri "/.git/config"] [unique_id "akaNRl0gZqrDZdtWLBJDEgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
S.O.B.A. Dev.
2026-06-28 13:37:23
(2 weeks ago)
Persistent port scanning or vulnerability scanning
Port Scan
๐บ๐ฆ
Olexiy Backend
2026-06-27 21:18:34
(2 weeks ago)
104.23.221.219
...
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-06-17 11:51:06
(3 weeks ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ฌ๐ง
pinguin
2026-06-09 07:10:45
(1 month ago)
Triggered Cloudflare WAF (firewallManaged) from SE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from SE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /
UA: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Mobile Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-08 22:19:15
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 18:19:10.091741 2026] [security2:error] [pid 30123:tid 30123] [client 104.23.221.219:10812] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lisarlee.com.marlinlee.com"] [uri "/.git/config"] [unique_id "aic_3tAIzIuILIvzxvRVcgAAAEI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-05-24 10:12:00
(1 month ago)
block ruleset bad bot: misc bad content F608233CC4C86EE814CE8DDDA9C4A0D3C79882F6
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-05-23 16:16:44
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 12:16:40.398599 2026] [security2:error] [pid 31703:tid 31703] [client 104.23.221.219:10967] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "smoothbuttagetaways.com"] [uri "/.git/config"] [unique_id "ahHS6DT-2zyBEjr65cyNCAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-05-20 10:00:28
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-17 17:56:37
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 13:56:31.284229 2026] [security2:error] [pid 21292:tid 21292] [client 104.23.221.219:12797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "serranoscoffee.com"] [uri "/.git/config"] [unique_id "agoBT8wjISKly2Wd1QDvmwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-13 17:53:05
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.23.221.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 13:52:59.672626 2026] [security2:error] [pid 17596:tid 17747] [client 104.23.221.219:9436] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.dbestcarting.com"] [uri "/.env.save"] [unique_id "agS6e40UcS_bXa3UDpiC6QAAAVg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
xxkodedxx
2026-05-13 09:07:04
(2 months ago)
[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost)
Trigger: 1ร edge-block in 10 ...
show more
[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost)
Trigger: 1ร edge-block in 10m window.
Origin: SE / AS13335 Cloudflare, Inc.
Active: 09:06:19 UTC
Volume: 1 HTTP req
Probed: /wp-admin/install.php?step=1
Status mix: 301ร1
UA: "http://ztx-lab.com/wp-admin/install.php?step=1"
Auto-banned 30d. zorvexus-banner.
show less
Bad Web Bot
Web App Attack