๐บ๐ธ
TPI-Abuse
2026-07-09 06:06:55
(6 hours ago)
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:06:47.683253 2026] [security2:error] [pid 7764:tid 7764] [client 107.149.152.79:61293] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.writebetweenthelines.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.writebetweenthelines.com"] [uri "/wp-content/themes/seotheme/db.php"] [unique_id "ak86d8hbe4jjJLYBh_CVYgAAAB4"], referer: www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-09 06:00:28
(6 hours ago)
WordPress content enumeration
Web App Attack
๐ฌ๐ง
masterguru
2026-07-09 05:15:36
(7 hours ago)
BAD BOT - Detected and Blocked.. Matched phrase "mozlila" at REQUEST_HEADERS:User-Agent. (1100000-18 ...
show more
BAD BOT - Detected and Blocked.. Matched phrase "mozlila" at REQUEST_HEADERS:User-Agent. (1100000-185)
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-09 03:53:50
(8 hours ago)
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:53:45.837636 2026] [security2:error] [pid 28020:tid 28020] [client 107.149.152.79:32195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.rentkase.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.rentkase.com"] [uri "/plugins/content/apismtp/apismtp.php.suspected"] [unique_id "ak8bSVbClckPZ1e8LGM6QwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 02:42:06
(9 hours ago)
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 22:42:01.655286 2026] [security2:error] [pid 12797:tid 12797] [client 107.149.152.79:37201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.difusionens.org|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.difusionens.org"] [uri "/wp-content/plugins/apikey/apikey.php.suspected"] [unique_id "ak8Ked86bO2MmbbyF4YZiAAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
gigatech
2026-07-09 01:45:03
(10 hours ago)
Webserver Probing
Web App Attack
๐ซ๐ท
LRob
2026-07-09 01:41:03
(10 hours ago)
CrowdSec: crowdsecurity/http-bad-user-agent | req: ["/","/wp-content/themes/seotheme/db.php?u"] | UA ...
show more
CrowdSec: crowdsecurity/http-bad-user-agent | req: ["/","/wp-content/themes/seotheme/db.php?u"] | UA: ["Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/53
show less
Bad Web Bot
๐ฆ๐บ
paulshipley.com.au
2026-07-09 01:34:43
(11 hours ago)
[Thu Jul 09 11:34:42.481465 2026] [security2:error] [pid 463407] [client 107.149.152.79:50969] [clie ...
show more
[Thu Jul 09 11:34:42.481465 2026] [security2:error] [pid 463407] [client 107.149.152.79:50969] [client 107.149.152.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/wp-plain.php"] [unique_id "ak76sp_wAXNxDw5YJzjdtAAAAAk"], referer: www.google.com
...
show less
Web App Attack
๐ฌ๐ง
pinguin
2026-07-09 01:18:33
(11 hours ago)
Triggered Cloudflare WAF (firewallManaged) from BR.
Action taken: LOG
Protocol: HTTP/1.1 (GET method ...
show more
Triggered Cloudflare WAF (firewallManaged) from BR.
Action taken: LOG
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp-content/themes/seotheme/db.php
UA: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-09 00:46:47
(11 hours ago)
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 107.149.152.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 20:46:42.962799 2026] [security2:error] [pid 24627:tid 24627] [client 107.149.152.79:52389] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.bonvivantorganics.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.bonvivantorganics.com"] [uri "/wp-content/plugins/apikey/apikey.php.suspected"] [unique_id "ak7vcuFEaxoq_bsZlIejGgAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-07-09 00:33:01
(12 hours ago)
block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1
Bad Web Bot
๐ฒ๐พ
Rizzy
2026-07-09 00:23:19
(12 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-09 00:22:37
(12 hours ago)
Multiple WAF Violations
Web App Attack
๐ฉ๐ช
4server
2026-07-08 23:47:05
(12 hours ago)
[ThuJul0901:47:02.1273362026][security2:error][pid3380933:tid3381035][client107.149.152.79:0]ModSecu ...
show more
[ThuJul0901:47:02.1273362026][security2:error][pid3380933:tid3381035][client107.149.152.79:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\|\?=\?f\(\?:open\|write\)\?\\\\\\\\\(\|\\\\\\\\b\(\?:passthru\|serialize\|php_uname\|phpinfo\|shell_exec\|preg_\\\\\\\\w \|mysql_query\|exec\|include\|eval\|create_function\|system\|base64_decode\|decode_base64\|base64_url_decode\|str_rot13\)\\\\\\\\b\?\(\?:\\\\\\\\\(\|\\\\\\\\:\)\)\"atARGS:l.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"724\"][id\"340195\"][rev\"4\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Base64EncodedPHPfunctioninArgument-thismaybeanattack.\"][data\"php_uname\(\"][severity\"CRITICAL\"][hostname\"maurokorangraf.ch\"][uri\"/wp-plain.php\"][unique_id\"ak7hdhOucuMBktvpyKG3wQAAAQI\"]\,referer:www.google.com
show less
Port Scan
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-07-08 21:37:56
(14 hours ago)
316 requests with url.path *.alfa
139 requests with url.path */wp-plain.php
Brute-Force
Bad Web Bot