๐ท๐บ
DZBOT
2026-07-05 17:37:02
(6 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 13:24:15
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 09:24:10.317075 2026] [security2:error] [pid 3159:tid 3159] [client 172.70.246.245:11256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "neathridge.com"] [uri "/.git/config"] [unique_id "akZmemXwy6H26ZIhZTV7iQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-28 14:47:09
(1 week ago)
172.70.246.245 - - [28/Jun/2026:17:46:59 +0300] "GET /wp-includes/ HTTP/1.1" 404 684 "-" "Mozilla/5. ...
show more
172.70.246.245 - - [28/Jun/2026:17:46:59 +0300] "GET /wp-includes/ HTTP/1.1" 404 684 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.70.246.245 - - [28/Jun/2026:17:47:09 +0300] "GET /wp-includes/css/dist/ HTTP/1.1" 404 684 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-25 05:38:22
(2 weeks ago)
172.70.246.245 - - [25/Jun/2026:08:38:08 +0300] "GET /wp-content/uploads/2020/ HTTP/1.1" 404 768 "-" ...
show more
172.70.246.245 - - [25/Jun/2026:08:38:08 +0300] "GET /wp-content/uploads/2020/ HTTP/1.1" 404 768 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.70.246.245 - - [25/Jun/2026:08:38:21 +0300] "GET /wp-content/uploads/2021/ HTTP/1.1" 404 768 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
Bedios GmbH
2026-06-18 15:51:21
(3 weeks ago)
Login credentials theft attempt
Hacking
๐ฉ๐ช
febrian.de
2026-06-17 15:45:45
(3 weeks ago)
Malicious HTTP(S) probing detected by Fail2Ban
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-05 18:52:50
(1 month ago)
172.70.246.245 - - [05/Jun/2026:21:47:49 +0300] "GET /private/.env HTTP/1.1" 404 3264 "-" "Mozilla/5 ...
show more
172.70.246.245 - - [05/Jun/2026:21:47:49 +0300] "GET /private/.env HTTP/1.1" 404 3264 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.70.246.245 - - [05/Jun/2026:21:52:49 +0300] "GET /current/.env HTTP/1.1" 404 3263 "-" "Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-04 06:37:15
(1 month ago)
172.70.246.245 - - [04/Jun/2026:09:37:13 +0300] "GET /wp-content/plugins/hello-plus/classes/ehp-sara ...
show more
172.70.246.245 - - [04/Jun/2026:09:37:13 +0300] "GET /wp-content/plugins/hello-plus/classes/ehp-sarang.php HTTP/1.1" 404 768 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
172.70.246.245 - - [04/Jun/2026:09:37:14 +0300] "GET /wp-content/themes/news-portal/fm.php HTTP/1.1" 404 767 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 OPR/70.0.3728.95"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 18:06:47
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:06:43.195866 2026] [security2:error] [pid 12926:tid 12926] [client 172.70.246.245:10942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "von-s.com"] [uri "/.git/config"] [unique_id "ah8bs1XI1LpPHX4I6cIAPQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
tavis.page
2026-05-18 05:41:37
(1 month ago)
Blocked by UFW on server [443/tcp]
Source port: 10788
TTL: 56
Packet length: 60
TOS: 0x00
This repo ...
show more
Blocked by UFW on server [443/tcp]
Source port: 10788
TTL: 56
Packet length: 60
TOS: 0x00
This report was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-05-15 06:41:05
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:40:58.095522 2026] [security2:error] [pid 6991:tid 6991] [client 172.70.246.245:12244] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||arsenalfordemocracy.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "arsenalfordemocracy.com"] [uri "/backup.sql"] [unique_id "aga_-l8A86D_x_rdrRs6cwAAADE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-10 19:01:18
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 15:01:08.031419 2026] [security2:error] [pid 28882:tid 28882] [client 172.70.246.245:13864] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stenbot.com"] [uri "/.env.php"] [unique_id "agDV9C3tseJ1yan5ahAr3gAAAAI"], referer: https://www.google.com/search?q=stenbot.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-04 16:36:09
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 12:36:05.548740 2026] [security2:error] [pid 18803:tid 18803] [client 172.70.246.245:11774] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.scswat.org"] [uri "/.git/config"] [unique_id "afjK9d94nw7GQEIgeR08HQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
2048
2026-04-30 20:54:21
(2 months ago)
2026-04-30T22:54:18.664794+02:00 machodeer kernel: [290373.509828] [UFW BLOCK] IN=ens3 OUT= MAC=REDA ...
show more
2026-04-30T22:54:18.664794+02:00 machodeer kernel: [290373.509828] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.70.246.245 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=12332 DF PROTO=TCP SPT=9321 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
2026-04-30T22:54:19.684709+02:00 machodeer kernel: [290374.529730] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.70.246.245 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=12333 DF PROTO=TCP SPT=9321 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
2026-04-30T22:54:20.707608+02:00 machodeer kernel: [290375.552520] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.70.246.245 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=12334 DF PROTO=TCP SPT=9321 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-04-30 16:56:52
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.246.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 12:56:47.890469 2026] [security2:error] [pid 11342:tid 11342] [client 172.70.246.245:9897] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.mattsound.com"] [uri "/.git/config"] [unique_id "afOJz10mNvEMHxODs8XIAAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack