๐บ๐ธ
TPI-Abuse
2026-07-13 04:45:54
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 00:45:45.417041 2026] [security2:error] [pid 3969:tid 3969] [client 172.70.248.131:10833] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hendyart.halotoys.com"] [uri "/.env.local"] [unique_id "alRteUKZTP2ejrXvRbnnygAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mawan
2026-07-11 05:48:51
(3 days ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2026-07-03 09:28:39
(1 week ago)
172.70.248.131 - - [03/Jul/2026:11:28:38 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 40 ...
show more
172.70.248.131 - - [03/Jul/2026:11:28:38 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.70.248.131 - - [03/Jul/2026:11:28:38 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.70.248.131 - - [03/Jul/2026:11:28:38 +0200] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.70.248.131 - - [03/Jul/2026:11:28:38 +0200] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
172.70.248.131 - - [03/Jul/2026:11:28:39 +0200] "GET //wp/wp-includes/wlwmanif
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 09:17:35
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 05:17:30.967033 2026] [security2:error] [pid 26453:tid 26453] [client 172.70.248.131:11660] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arellasoc.com"] [uri "/.git/config"] [unique_id "akYsqjuzLP3eIryLEIK3IAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-06-16 18:40:10
(3 weeks ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ณ๐ด
jad-abuse
2026-06-14 12:57:33
(1 month ago)
ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. Ob ...
show more
ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. Observed by 1 sensor(s); 2 hits.
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 14:10:58
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 10:10:50.608113 2026] [security2:error] [pid 31948:tid 31948] [client 172.70.248.131:10893] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antoniocobo.com"] [uri "/.git/config"] [unique_id "aiV76m-UpcT1S_gGoBMUIwAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Fnek
2026-06-04 04:30:00
(1 month ago)
crowdsecurity/vpatch-git-config - 202606040630
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-04 03:43:38
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:43:34.278994 2026] [security2:error] [pid 6682:tid 6682] [client 172.70.248.131:9592] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thinksite.net"] [uri "/.git/config"] [unique_id "aiD0ZvOy1bGvsDaHiqVFgAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 06:05:39
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 02:05:32.920983 2026] [security2:error] [pid 26266:tid 26278] [client 172.70.248.131:12589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "virusskins.com"] [uri "/.git/config"] [unique_id "ah5yrPFPywUqOYdfRH7kMwAAAIk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 04:59:59
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.248.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 00:59:55.967673 2026] [security2:error] [pid 12647:tid 12647] [client 172.70.248.131:10797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vincentmonaco.com"] [uri "/.git/config"] [unique_id "ah5jS0m1VgD3YJgDP-TVeQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-28 07:22:20
(1 month ago)
Web App Attack
Brute-Force
Exploited Host
Web App Attack
๐ง๐ฌ
Stoyko Stoykov
2026-05-26 13:16:48
(1 month ago)
172.70.248.131 - - [26/May/2026:16:16:48 +0300] "GET /.git/config HTTP/1.1" 301 162 "-" "Mozilla/5.0 ...
show more
172.70.248.131 - - [26/May/2026:16:16:48 +0300] "GET /.git/config HTTP/1.1" 301 162 "-" "Mozilla/5.0 (l9scan/2.0.33e27393e2431313e2838313; +https://leakix.net)"
...
show less
Hacking
Web App Attack
๐ท๐บ
DZBOT
2026-05-22 13:02:24
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ฌ๐ง
pinguin
2026-05-20 01:20:33
(1 month ago)
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /
UA: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot