πΊπΈ
TPI-Abuse
2026-07-02 15:25:31
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 11:25:28.151119 2026] [security2:error] [pid 5451:tid 5451] [client 172.71.164.166:9693] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thorndikestudio.com"] [uri "/.git/config"] [unique_id "akaC6HxXpFyxdI4E_4p9qwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 13:44:15
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 09:44:09.797754 2026] [security2:error] [pid 15572:tid 15572] [client 172.71.164.166:12591] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "diamondtrailerserv.com"] [uri "/.git/config"] [unique_id "akZrKV_MrYF6Dd1V-_kSbgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
FeG Deutschland
2026-07-02 13:27:03
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 13:02:42
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 09:02:39.565307 2026] [security2:error] [pid 24697:tid 24697] [client 172.71.164.166:10653] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "comfortcartel.com"] [uri "/.git/config"] [unique_id "akZhb_-hF9P2Vl_8EaEADQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
xxkodedxx
2026-07-02 01:45:24
(1 day ago)
[Zorvexus edge-defense] GET .env / WordPress honeypot probe
Trigger: 1Γ honeypot-get in 10m window.
...
show more
[Zorvexus edge-defense] GET .env / WordPress honeypot probe
Trigger: 1Γ honeypot-get in 10m window.
Active: 01:44:45β01:44:46 UTC
Volume: 2 honeypot probe(s)
Bait taken: /wp-login.php, /wp-admin/install.php?step=1
UA: "http://zvxlabs.com/wp-admin/install.php?step=1"
Auto-banned 30d. zorvexus-banner.
show less
Bad Web Bot
Web App Attack
π©πͺ
FeG Deutschland
2026-07-01 05:17:42
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
π¬π§
pinguin
2026-06-30 14:25:55
(3 days ago)
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /actuator/env
UA: Mozilla/5.0 (l9scan/2.0.8393e26323e28313e2430313; +https://leakix.net)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
π©πͺ
FeG Deutschland
2026-06-29 23:07:24
(3 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
π©πͺ
FeG Deutschland
2026-06-28 12:53:12
(5 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-27 16:18:17
(6 days ago)
(mod_security) mod_security (id:949110) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 12:18:11.036339 2026] [security2:error] [pid 25142:tid 25142] [client 172.71.164.166:13355] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dcagroupusa.com"] [uri "/.git/config"] [unique_id "aj_3w6051yMgqGpSGIaBhwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
FeG Deutschland
2026-06-26 17:10:22
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
πΊπΈ
johnkarlhill
2026-06-24 16:43:02
(1 week ago)
WebKnight blocked malicious web request on johnkarlhill.com
Brute-Force
SSH
π©πͺ
FeG Deutschland
2026-06-23 22:47:45
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
π©πͺ
FeG Deutschland
2026-06-23 02:08:14
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-21 09:37:12
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.71.164.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 05:37:08.322510 2026] [security2:error] [pid 18645:tid 18645] [client 172.71.164.166:13197] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kingmansvc.kingmanrents.com"] [uri "/.env"] [unique_id "ajewxCnYF9AWPbkfEg3dGgAAABM"], referer: https://www.google.com/search?q=www.kingmansvc.kingmanrents.com
show less
Brute-Force
Bad Web Bot
Web App Attack