๐ซ๐ท
Sklurk
2026-07-07 17:28:18
(2 days ago)
Web App Attack
Web App Attack
๐ซ๐ท
ELYAZ
2026-05-30 12:16:01
(1 month ago)
(y4) Failed scan -byebye- from 209.50.161.211 (US/United States/-): (CF_ENABLE)
Hacking
๐ฉ๐ช
FeG Deutschland
2026-05-27 18:06:44
(1 month ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ช๐ธ
librebit
2026-05-13 23:54:05
(1 month ago)
RDWeb scan
Web App Attack
๐ฉ๐ช
iNetWorker
2025-12-30 11:46:08
(6 months ago)
trolling for resource vulnerabilities
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-30 10:59:33
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 05:59:13.432592 2025] [security2:error] [pid 13957:tid 13957] [client 209.50.161.211:30421] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lazymanvegan.com"] [uri "/.svn/wc.db"] [unique_id "aVOwgQ7137kk1CAn5S4OGQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 06:11:46
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:11:37.791932 2025] [security2:error] [pid 12755:tid 12781] [client 209.50.161.211:25873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jameskeeton.com"] [uri "/.svn/wc.db"] [unique_id "aVIbmT-RvesYlg9nPSPo7gAAAFc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 05:39:40
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:39:33.671556 2025] [security2:error] [pid 6506:tid 6506] [client 209.50.161.211:20147] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daytonabluemetallic.com"] [uri "/.svn/wc.db"] [unique_id "aVIUFZfMJT7DbkEhnfiqdwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 04:15:30
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 209.50.161.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:15:20.728172 2025] [security2:error] [pid 22074:tid 22074] [client 209.50.161.211:36651] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ginaotto.com"] [uri "/.env"] [unique_id "aVIAWKjOTBSMBPF0UBivAgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-22 16:36:33
(6 months ago)
This IP was involved in a brute force and password spray attack.
Brute-Force
Web App Attack
Anonymous
2025-12-07 08:59:03
(7 months ago)
botnet
DDoS Attack
๐ซ๐ฎ
as211431.net
2025-11-29 21:52:20
(7 months ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /user/register/
UA: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2025-11-02 16:29:44
(8 months ago)
This IP was involved in an brute force and password spray attack on 2025/11/02 06:59:23
Port Scan
Brute-Force
Exploited Host
Web App Attack
๐ญ๐บ
bcsaba
2025-10-30 07:06:19
(8 months ago)
Joomla spam
209.50.161.211 - - [30/Oct/2025:08:03:15 +0100] "GET /index.php?option=com_easyblog&view ...
show more
Joomla spam
209.50.161.211 - - [30/Oct/2025:08:03:15 +0100] "GET /index.php?option=com_easyblog&view=dashboard&layout=write HTTP/1.1" 404 789 "https://*REDACTED*" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
show less
Web App Attack
Anonymous
2025-10-17 13:35:17
(8 months ago)
Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report tim ...
show more
Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report timestamp
show less
Hacking
Brute-Force