๐บ๐ธ
TPI-Abuse
2026-07-15 17:15:03
(1 hour ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 13:14:57.123562 2026] [security2:error] [pid 22705:tid 22705] [client 172.197.201.112:63093] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||azcrittergetter.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "azcrittergetter.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alfAERdFEJUq3ufxBq0N9AAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 15:32:06
(2 hours ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 11:32:00.752061 2026] [security2:error] [pid 15691:tid 15691] [client 172.197.201.112:54033] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cles-fonctionnel.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cles-fonctionnel.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alen8IM_PGH7ztxX3TCWygAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Mundo Bueno
2026-07-15 08:50:35
(9 hours ago)
[ISILIA Protection v2.1] Tentative d'accรจs: //vendor/phpunit/phpunit/phpunit.xsd | Pays: MY | UA: Mo ...
show more
[ISILIA Protection v2.1] Tentative d'accรจs: //vendor/phpunit/phpunit/phpunit.xsd | Pays: MY | UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 02:49:14
(15 hours ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 22:49:09.163138 2026] [security2:error] [pid 7655:tid 7655] [client 172.197.201.112:58346] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||harosports.com.tr|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "harosports.com.tr"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alb1JWNMmxn7Rp09tcIGagAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
sefinek.net
2026-07-14 13:21:09
(1 day ago)
Triggered Cloudflare WAF (firewallCustom) from MY.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoi ...
show more
Triggered Cloudflare WAF (firewallCustom) from MY.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoint: //vendor/phpunit/phpunit/phpunit.xsd | UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-14 13:15:56
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 09:15:51.693283 2026] [security2:error] [pid 873:tid 873] [client 172.197.201.112:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ndanetworks.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ndanetworks.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alY2h1DlGPyAUKqKKe17xwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-07-14 12:09:40
(1 day ago)
(mod_security-custom) mod_security (id:210730) triggered by 172.197.201.112 (MY/Malaysia/Kuala Lumpu ...
show more
(mod_security-custom) mod_security (id:210730) triggered by 172.197.201.112 (MY/Malaysia/Kuala Lumpur/Kuala Lumpur/-/[AS8075 MICROSOFT-CORP-MSN-AS-BLOCK]): 1 in the last 3600 secs (0-srv1)
show less
Hacking
๐ฌ๐ง
pinguin
2026-07-14 08:57:23
(1 day ago)
Triggered Cloudflare WAF (firewallManaged) from MY.
Action taken: LOG
Protocol: HTTP/1.1 (GET method ...
show more
Triggered Cloudflare WAF (firewallManaged) from MY.
Action taken: LOG
Protocol: HTTP/1.1 (GET method)
Endpoint: //vendor/phpunit/phpunit/phpunit.xsd
UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
thesimonmanuel
2026-07-14 04:31:08
(1 day ago)
172.197.201.112 - - [14/Jul/2026:10:01:07 +0530] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/1.1" ...
show more
172.197.201.112 - - [14/Jul/2026:10:01:07 +0530] "GET //vendor/phpunit/phpunit/phpunit.xsd HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
show less
Web App Attack
Anonymous
2026-07-14 01:35:13
(1 day ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-07-13 19:40:53
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:40:45.659157 2026] [security2:error] [pid 15654:tid 15654] [client 172.197.201.112:59315] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||aokatheists.org|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aokatheists.org"] [uri "/index.html/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alU_PSU0qiPcEYAMtNhi3AAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 17:29:37
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 13:29:32.731094 2026] [security2:error] [pid 987:tid 987] [client 172.197.201.112:56801] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||blackballprojects.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blackballprojects.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alUgfL59kaNGdk8eC00IUwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
sc user
2026-07-13 14:08:22
(2 days ago)
Fail2Ban nginx: repeated suspicious HTTP requests consistent with automated probing, scanning or bad ...
show more
Fail2Ban nginx: repeated suspicious HTTP requests consistent with automated probing, scanning or bad bot behaviour. Technical log details and local server identifiers intentionally omitted for privacy.
show less
Bad Web Bot
Web App Attack
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-13 14:06:14
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.197.201.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 10:06:10.100898 2026] [security2:error] [pid 23431:tid 23431] [client 172.197.201.112:49700] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||syndetec.com|F|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "syndetec.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "alTw0iLGBjxmZId4fYi9fQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
David Ferneding
2026-07-13 12:16:35
(2 days ago)
Blocked by UFW (TCP on 80)
Source port: 52010
TTL: 113
Packet length: 52
TOS: 0x02
This report (for ...
show more
Blocked by UFW (TCP on 80)
Source port: 52010
TTL: 113
Packet length: 52
TOS: 0x02
This report (for 172.197.201.112) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
Web App Attack