πΊπΈ
mawan
2026-07-05 03:54:51
(2 days ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
π―π΅
S.O.B.A. Dev.
2026-06-26 07:20:08
(1 week ago)
Persistent port scanning or vulnerability scanning
Port Scan
πΊπΈ
TPI-Abuse
2026-06-18 19:15:34
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.126.174 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.126.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 15:15:27.713719 2026] [security2:error] [pid 25177:tid 25181] [client 172.71.126.174:13990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nobletitles.aafm.us"] [uri "/.git/config"] [unique_id "ajRDz3nh8CAtewGPnkBt1AAAAME"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
mnsf
2026-06-16 05:05:59
(3 weeks ago)
Abuse Detected (1)
Brute-Force
Web App Attack
Anonymous
2026-04-26 04:26:59
(2 months ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
π©πͺ
abdubhai
2026-03-15 17:36:05
(3 months ago)
172.71.126.174 - - [15/Mar/2026:
...
Brute-Force
π©πͺ
abdubhai
2026-03-07 21:27:26
(3 months ago)
172.71.126.174 - - [08/Mar/2026:
...
Brute-Force
π³π±
wolfemium
2025-11-20 17:07:08
(7 months ago)
172.71.126.174 - - [20/Nov/2025:19:05:29 +0200] "GET /images/m.php HTTP/1.1" 502 150 "-" "-"
172.71. ...
show more
172.71.126.174 - - [20/Nov/2025:19:05:29 +0200] "GET /images/m.php HTTP/1.1" 502 150 "-" "-"
172.71.126.174 - - [20/Nov/2025:19:07:06 +0200] "GET /wp-content/radio.php HTTP/1.1" 502 150 "-" "-"
172.71.126.174 - - [20/Nov/2025:19:07:06 +0200] "GET /wp-includes/fonts/index.php?p= HTTP/1.1" 502 150 "-" "-"
172.71.126.174 - - [20/Nov/2025:19:07:06 +0200] "GET /.well-known/gecko-litespeed.php HTTP/1.1" 502 150 "-" "-"
172.71.126.174 - - [20/Nov/2025:19:07:07 +0200] "GET /.well-known/admin.php HTTP/1.1" 502 150 "-" "-"
172.71.126.174 - - [20/Nov/2025:19:07:07 +0200] "GET /wp-content/admin.php HTTP/1.1" 502 150 "-" "-"
...
show less
DDoS Attack
πΊπΈ
mawan
2025-11-02 17:42:59
(8 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
πͺπΈ
el-brujo
2025-10-22 13:13:51
(8 months ago)
22/Oct/2025:15:13:51.182171 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
22/Oct/2025:15:13:51.182171 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.71.126.174] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "372"] [id "920220"] [msg "URL Encoding Abuse Attack Attempt"] [data "/Cursos/Construye tu Datacenter con Software 100% Libre/?C=M;O=A"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/267/72"] [hostname "el-hacker.org"] [uri "/Cursos/Construye tu Datacenter con Software 100% Libre/"] [unique_id "aPjYjyfwBMHAXqLb5LwDTgAAAtk"]
...
show less
Hacking
Web App Attack
πͺπΈ
el-brujo
2025-08-25 18:33:58
(10 months ago)
25/Aug/2025:20:33:58.710791 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
25/Aug/2025:20:33:58.710791 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.71.126.174] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "el-hacker.org"] [uri "/Cursos/IFCI Expert Cybercr
...
show less
Hacking
Web App Attack
Anonymous
2025-08-16 14:18:37
(10 months ago)
[Sat Aug 16 16:18:36.351275 2025] [authz_core:error] [pid 18413] [client 172.71.126.174:20402] AH016 ...
show more
[Sat Aug 16 16:18:36.351275 2025] [authz_core:error] [pid 18413] [client 172.71.126.174:20402] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Sat Aug 16 16:18:36.372956 2025] [authz_core:error] [pid 18413] [client 172.71.126.174:20402] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Sat Aug 16 16:18:36.404616 2025] [authz_core:error] [pid 18413] [client 172.71.126.174:20402] AH01630: client denied by server configuration: /etc/httpd/htdocs
...
show less
Web App Attack
π¬π§
pinguin
2025-08-09 10:24:00
(10 months ago)
Triggered Cloudflare WAF (firewallManaged) from FR.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from FR.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /phpinfo.php
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
π¬π§
pinguin
2025-07-02 22:08:29
(1 year ago)
Triggered Cloudflare WAF (firewallManaged) from FR.
Action taken: LOG
Protocol: HTTP/1.1 (GET method ...
show more
Triggered Cloudflare WAF (firewallManaged) from FR.
Action taken: LOG
Protocol: HTTP/1.1 (GET method)
Endpoint: /
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
πΊπΈ
TPI-Abuse
2025-06-08 10:40:51
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 172.71.126.174 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.126.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 08 06:40:46.012554 2025] [security2:error] [pid 988481:tid 988481] [client 172.71.126.174:46602] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail-pmg.com"] [uri "/.git/config"] [unique_id "aEVoroWCAe42SKd35fXUTgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack