๐ฉ๐ช
Blexyel
2026-07-18 20:07:26
(21 hours ago)
172.70.175.16 - - [18/Jul/2026:22:07:24 +0200] "GET /.well-known/pki-validation/wp-login.php HTTP/1. ...
show more
172.70.175.16 - - [18/Jul/2026:22:07:24 +0200] "GET /.well-known/pki-validation/wp-login.php HTTP/1.1" 404 13 "-" "-"
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
Sรฉfora Srl
2026-05-25 14:02:50
(1 month ago)
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ...
show more
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-04-22 03:59:43
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 23:59:30.896526 2026] [security2:error] [pid 2313870:tid 2313870] [client 172.70.175.16:14010] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jstgeorg.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jstgeorg.org"] [uri "/export.sql"] [unique_id "aehHouxKQiOKDH5A1mxT1AAAABg"], referer: https://www.google.com/search?q=jstgeorg.org
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
pinguin
2026-04-08 04:48:21
(3 months ago)
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /wp-includes/css/buttons.css
UA: Go-http-client/2.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2026-04-08 04:19:10
(3 months ago)
Fuzzing/Looking for credentials files.
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-06 05:44:05
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 01:43:51.051629 2026] [security2:error] [pid 30762:tid 30762] [client 172.70.175.16:9834] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "phlippo.com"] [uri "/.env.local"] [unique_id "adNIF5pKv_4_bSkrJgTExgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-06 00:25:45
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 20:25:35.781619 2026] [security2:error] [pid 19449:tid 19449] [client 172.70.175.16:10912] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.misfitranch.com"] [uri "/.env.development.local"] [unique_id "adL9f94REVlkXcdTpJvtOQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-05 19:49:18
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 15:49:11.343000 2026] [security2:error] [pid 16590:tid 16590] [client 172.70.175.16:14328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.criticalmassofficial.com"] [uri "/.env.local"] [unique_id "adK8txJ4N-C_vyM3it610AAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-05 06:22:07
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 02:22:01.556743 2026] [security2:error] [pid 21971:tid 21971] [client 172.70.175.16:14153] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.title28.com"] [uri "/.env.development.local"] [unique_id "adH_iU_BZD5loHo4Y1ijYAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-03 10:58:38
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 06:58:29.375694 2026] [security2:error] [pid 9890:tid 9890] [client 172.70.175.16:13817] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.tcmu.org"] [uri "/.env.example"] [unique_id "ac-dVZmmY8PE-ggTGp9SVgAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-03 10:00:35
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 06:00:29.235188 2026] [security2:error] [pid 3920:tid 3920] [client 172.70.175.16:12620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.toxicwater.com"] [uri "/.env.staging"] [unique_id "ac-PvZCashAB4yrl064LBAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-03 05:12:50
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 01:12:42.955545 2026] [security2:error] [pid 30643:tid 30643] [client 172.70.175.16:14214] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kaplankrew.com"] [uri "/.env.tmp"] [unique_id "ac9MSpjFqtjdcy-UwJ354QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-03 00:12:14
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 20:12:10.793724 2026] [security2:error] [pid 26085:tid 26085] [client 172.70.175.16:12677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.wp.hotpay.co"] [uri "/.env.local.backup"] [unique_id "ac8F2o1dt15BrJJd-fuzYQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-02 11:07:25
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 07:07:20.108767 2026] [security2:error] [pid 4838:tid 4838] [client 172.70.175.16:13606] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.gardnercastle.com"] [uri "/.env.php"] [unique_id "ac5N6F97Uwr9ISrhIo2LMAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-01 17:10:17
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.175.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 13:10:11.119695 2026] [security2:error] [pid 4948:tid 4948] [client 172.70.175.16:12637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.juhoanttila.com"] [uri "/srv/.env"] [unique_id "ac1RcyQY95P0eST7YC1O0wAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack