๐บ๐ธ
TPI-Abuse
2026-07-02 15:00:49
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 11:00:45.771585 2026] [security2:error] [pid 14816:tid 14816] [client 172.71.148.123:12061] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stoneybluff.com"] [uri "/.git/config"] [unique_id "akZ9HfRjhdDrAQUUqvlBZwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 14:45:46
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 10:45:40.505966 2026] [security2:error] [pid 31339:tid 31339] [client 172.71.148.123:14057] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "simtimxr.com"] [uri "/.git/config"] [unique_id "akZ5lBIYN3dtfXn8ZnpHwQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-14 10:43:13
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 06:42:58.815526 2026] [security2:error] [pid 31965:tid 31965] [client 172.71.148.123:9890] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "readyaiminspire.com"] [uri "/.env"] [unique_id "ai6Fsu7N7FnYgG9Tt1H2QQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
acadeova
2026-06-12 01:47:52
(3 weeks ago)
๐จ Recon detected (nft drop)
SRC=172.71.148.123
Observed=TCP dpt=80 in=enp0s6 ttl=59
Time=recent(jour ...
show more
๐จ Recon detected (nft drop)
SRC=172.71.148.123
Observed=TCP dpt=80 in=enp0s6 ttl=59
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
๐บ๐ธ
wimaxnz
2026-06-10 00:02:22
(3 weeks ago)
Automated report from 247 Guardian: repeated malicious activity detected. | reason=nginx_badpath
Brute-Force
SSH
Port Scan
๐ฌ๐ง
pinguin
2026-06-08 14:12:14
(3 weeks ago)
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /
UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-08 03:13:57
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 23:13:50.122246 2026] [security2:error] [pid 3793:tid 3793] [client 172.71.148.123:10436] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.loftonboys.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.loftonboys.com"] [uri "/autodiscover/autodiscover.json/v1.0/[email protected] "] [unique_id "aiYzbiraW2AgrxKjIUKbtwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-06 20:05:55
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 16:05:48.366246 2026] [security2:error] [pid 26607:tid 26607] [client 172.71.148.123:12466] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cityoffoley.gov"] [uri "/.git/config"] [unique_id "aiR9nGbQqxpoUhAU4i7BQgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-06 19:31:55
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:31:52.627232 2026] [security2:error] [pid 17212:tid 17212] [client 172.71.148.123:11065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "entertainer-review.com.exotic-dancers-los-angeles.com"] [uri "/.git/config"] [unique_id "aiR1qOl664sLak848GLIQwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-06-02 15:05:14
(1 month ago)
Abuse Detected (1)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 12:32:10
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 08:32:07.493490 2026] [security2:error] [pid 25072:tid 25072] [client 172.71.148.123:12718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "virginiabeachlovebird.com"] [uri "/.git/config"] [unique_id "ah7NR0tSEvF-qnSMKDLsRgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
MPL
2026-05-29 00:15:30
(1 month ago)
tcp/443 (5 or more attempts)
Port Scan
๐บ๐ธ
TPI-Abuse
2026-05-28 03:16:57
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 23:16:54.309749 2026] [security2:error] [pid 11512:tid 11512] [client 172.71.148.123:12079] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||lingafelt.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lingafelt.com"] [uri "/backup.sql"] [unique_id "ahezpprgm_vO2UF_0R3V_gAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-27 10:07:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.148.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 06:07:26.683424 2026] [security2:error] [pid 18915:tid 18915] [client 172.71.148.123:12074] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.drbolen.com"] [uri "/.env.production"] [unique_id "ahbCXpJ1Swc1l7O3j_OPtwAAABA"], referer: https://www.google.com/search?q=webmail.drbolen.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-05-20 22:43:31
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack