๐ฉ๐ช
iNetWorker
2026-07-11 08:55:14
(5 days ago)
trolling for resource vulnerabilities
Web App Attack
๐บ๐ธ
kosada.com
2026-05-05 16:51:07
(2 months ago)
Web vulnerability probing: /wp-includes/blocks/about.php
Web App Attack
๐ซ๐ท
Octopuce
2026-04-16 17:15:50
(2 months ago)
Aggressive web search of vulnerable pages: /wp-content/themes/pridmag/db.php?u /wp-content/plugins/s ...
show more
Aggressive web search of vulnerable pages: /wp-content/themes/pridmag/db.php?u /wp-content/plugins/shell/noimg.php /wp-content/plugins/pwnd-2/p ...
show less
Web App Attack
๐จ๐ญ
backslash
2026-04-16 16:18:04
(2 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐บ๐ธ
mnsf
2026-03-03 22:05:43
(4 months ago)
Too many Status 40X (11)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-24 02:52:16
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 21:52:11.307741 2026] [security2:error] [pid 25496:tid 25496] [client 185.198.243.201:40807] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoinsquaretrade.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoinsquaretrade.com"] [uri "/backup.sql"] [unique_id "aZ0SW0Efjyy9ERYZTjcmVwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-18 08:45:20
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 03:45:15.072159 2026] [security2:error] [pid 9001:tid 9018] [client 185.198.243.201:23999] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||siestakeybch.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "siestakeybch.com"] [uri "/restore/backup.sql"] [unique_id "aZV8G-dYJArWZInNnFRNyQAAAEw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Penny Packer
2026-02-11 08:09:15
(5 months ago)
Fail2Ban apache-tripwires
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-05 15:06:07
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 05 10:06:03.621557 2026] [security2:error] [pid 454960:tid 454983] [client 185.198.243.201:31757] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ethniclivesmatter.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ethniclivesmatter.com"] [uri "/restore/backup.sql"] [unique_id "aVvTW8Rc4DoJarCfp2PaCgAAARQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
sefinek.net
2025-11-23 00:19:54
(7 months ago)
Triggered Cloudflare WAF (firewallCustom) from GB.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show more
Triggered Cloudflare WAF (firewallCustom) from GB.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /.well-known/acme-challenge/content.php
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-11-18 15:35:07
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 185.198.243.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 18 10:35:03.384875 2025] [security2:error] [pid 23339:tid 23339] [client 185.198.243.201:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/restore/sftp-config.json"] [unique_id "aRySJ7Kj6e0E1LK9s2Rc2wAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
Valhalla
2025-11-15 10:58:10
(8 months ago)
/backup/backup.sql.zip
Hacking
Web App Attack
๐บ๐ธ
Penny Packer
2025-11-11 04:21:01
(8 months ago)
Fail2Ban apache-tripwires
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2025-11-10 07:52:27
(8 months ago)
185.198.243.201 - - [10/Nov/2025:09:52:27 +0200] "GET //wp-admin/css/colors/coffee/index.php HTTP/1. ...
show more
185.198.243.201 - - [10/Nov/2025:09:52:27 +0200] "GET //wp-admin/css/colors/coffee/index.php HTTP/1.1" 404 276 "-" "Go-http-client/1.1"
...
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2025-11-10 02:08:24
(8 months ago)
185.198.243.201 - - [10/Nov/2025:04:07:38 +0200] "GET //wp-content/plugins/seoplugins/db.php?u HTTP/ ...
show more
185.198.243.201 - - [10/Nov/2025:04:07:38 +0200] "GET //wp-content/plugins/seoplugins/db.php?u HTTP/1.1" 404 277 "-" "Go-http-client/1.1"
185.198.243.201 - - [10/Nov/2025:04:08:24 +0200] "GET //wp-content/themes/seotheme/mar.php HTTP/1.1" 404 277 "-" "Go-http-client/1.1"
...
show less
Web App Attack