πΊπΈ
TPI-Abuse
2026-06-16 08:12:44
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com ...
show more
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:12:39.030250 2026] [security2:error] [pid 14314:tid 14314] [client 172.86.89.205:53608] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cajunpicasso.com"] [uri "/wp-config.php-"] [unique_id "ajEFdx-LUMT-MJfX_2rYKAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
thetomtaylor.co.uk
2026-06-16 08:06:02
(3 hours ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01]
Bad Web Bot
Web App Attack
π¬π§
thetomtaylor.co.uk
2026-06-16 07:07:02
(4 hours ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa01,wa02]
Bad Web Bot
Web App Attack
2026-06-16 06:59:24
(4 hours ago)
172.86.89.205 - - [16/Jun/2026:14:59:23 +0800] "GET /wp-config.php- HTTP/1.1" 301 247 "-" "Python-ur ...
show more
172.86.89.205 - - [16/Jun/2026:14:59:23 +0800] "GET /wp-config.php- HTTP/1.1" 301 247 "-" "Python-urllib/2.7"
...
show less
Bad Web Bot
Web App Attack
πΊπΈ
omc
2026-06-16 06:19:33
(5 hours ago)
Banned IP [QC]. Hacking login/admin service [Q4].
Hacking
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-16 06:14:21
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com ...
show more
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 02:14:15.684586 2026] [security2:error] [pid 11385:tid 11385] [client 172.86.89.205:56789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jennyfiore.com"] [uri "/wp-config.php-"] [unique_id "ajDpt25T8BW1SJ9yqfoOMAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2026-06-16 06:06:07
(5 hours ago)
Trying to access config files
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-16 05:58:29
(5 hours ago)
(mod_security) mod_security (id:949110) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com ...
show more
(mod_security) mod_security (id:949110) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 01:58:22.633183 2026] [security2:error] [pid 24371:tid 24371] [client 172.86.89.205:50961] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "akistech.com"] [uri "/wp-config.php-"] [unique_id "ajDl_hzdLLXhU3Ns_YZ3pQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-16 05:27:59
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com ...
show more
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 01:27:52.802267 2026] [security2:error] [pid 18034:tid 18034] [client 172.86.89.205:54990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "consolidatedoperationsgroup.com"] [uri "/wp-config.php-"] [unique_id "ajDe2P7xxK47h3YXLvQTSwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
taivas.nl
2026-06-16 04:32:42
(7 hours ago)
Many_bad_calls
Web App Attack
π¬π§
poundawebsiteltd
2026-06-16 03:50:30
(8 hours ago)
Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 172.86.89.205 - - [16/Jun/2026:04 ...
show more
Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 172.86.89.205 - - [16/Jun/2026:04:50:27 +0100] GET /wp-config.php- HTTP/1.1 403 177 - Python-urllib/2.7
show less
Web App Attack
π¨π¦
1gz
2026-06-16 03:19:57
(8 hours ago)
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET meth ...
show more
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp-config.php-
UA: Python-urllib/2.7
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-16 03:19:03
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com ...
show more
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 23:18:55.870283 2026] [security2:error] [pid 7677:tid 7677] [client 172.86.89.205:61761] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doreenkimura.com"] [uri "/wp-config.php-"] [unique_id "ajDAn7Uw8cTZWZ1pLEDW2QAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2026-06-16 02:56:24
(8 hours ago)
172.86.89.205 - - [16/Jun/2026:04:56:17 +0200] "GET /wp-config.php- HTTP/1.1" 301 162 "-" "Python-ur ...
show more
172.86.89.205 - - [16/Jun/2026:04:56:17 +0200] "GET /wp-config.php- HTTP/1.1" 301 162 "-" "Python-urllib/2.7"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-16 02:52:55
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com ...
show more
(mod_security) mod_security (id:210492) triggered by 172.86.89.205 (205.89.86.172.static.cloudzy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 22:52:51.758710 2026] [security2:error] [pid 1236:tid 1236] [client 172.86.89.205:59000] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barkatthemoonpetsitting.com"] [uri "/wp-config.php-"] [unique_id "ajC6gz3Gy03auo8Tm0QX5AAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack