๐ฌ๐ง
Mendip_Defender
2026-07-12 06:40:20
(2 days ago)
47.128.31.16 - - [12/Jul/2026:07:40:11 +0100] "GET /robots.txt HTTP/1.1" 304 5552 "-" "Mozilla/5.0 ( ...
show more
47.128.31.16 - - [12/Jul/2026:07:40:11 +0100] "GET /robots.txt HTTP/1.1" 304 5552 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
...
show less
Bad Web Bot
๐ฌ๐ง
Mendip_Defender
2026-06-28 08:13:22
(2 weeks ago)
47.128.31.16 - - [28/Jun/2026:09:13:14 +0100] "GET /robots.txt HTTP/1.1" 200 5719 "-" "Mozilla/5.0 ( ...
show more
47.128.31.16 - - [28/Jun/2026:09:13:14 +0100] "GET /robots.txt HTTP/1.1" 200 5719 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
...
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-26 17:12:14
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.c ...
show more
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 13:12:09.725940 2026] [security2:error] [pid 17508:tid 17508] [client 47.128.31.16:36498] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.homebuilt.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.homebuilt.org"] [uri "/vendors/powerplants/[email protected] "] [unique_id "aj6y6Xxdmc87eevDQCwgkgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 18:56:51
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.c ...
show more
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 14:56:47.422874 2026] [security2:error] [pid 30883:tid 30883] [client 47.128.31.16:45280] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.danharrisphotoart.com|F|2"] [data ".siberianpictures.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.danharrisphotoart.com"] [uri "/www.siberianpictures.com"] [unique_id "ajGcb8bkVRj6DIMrmokPAgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Hazzard
2026-05-23 15:30:02
(1 month ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted]): (CF_ENABLE)
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-05-11 07:17:59
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.c ...
show more
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 03:17:54.477975 2026] [security2:error] [pid 1160:tid 1160] [client 47.128.31.16:51606] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||homebuilt.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "homebuilt.org"] [uri "/directory/[email protected] "] [unique_id "agGCotMNhr3wJYdkzpVg5gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Mendip_Defender
2026-04-07 21:05:33
(3 months ago)
47.128.31.16 - - [07/Apr/2026:22:05:30 +0100] "GET /robots.txt HTTP/1.0" 304 4072 "-" "Mozilla/5.0 ( ...
show more
47.128.31.16 - - [07/Apr/2026:22:05:30 +0100] "GET /robots.txt HTTP/1.0" 304 4072 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
...
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-01-01 07:45:20
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.c ...
show more
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 02:45:13.294717 2026] [security2:error] [pid 12662:tid 12662] [client 47.128.31.16:48026] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||informativearticles.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "informativearticles.com"] [uri "/[email protected] "] [unique_id "aVYmCWOFhH_B1BCwFQ5J6AAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐ท
RocketEmi
2025-12-24 18:33:22
(6 months ago)
Automated web crawling detected: high request rate, scraping multiple pages. Behavior consistent wit ...
show more
Automated web crawling detected: high request rate, scraping multiple pages. Behavior consistent with Bad Web Bot.
show less
Bad Web Bot
๐จ๐ฆ
1gz
2025-12-24 05:08:48
(6 months ago)
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/2 (GET method) ...
show more
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/2 (GET method)
Endpoint: /
UA: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐จ๐ฆ
1gz
2025-12-15 04:25:05
(6 months ago)
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/2 (GET method) ...
show more
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/2 (GET method)
Endpoint: /lajme/kamufluar/
UA: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-12-11 18:23:37
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.c ...
show more
(mod_security) mod_security (id:210730) triggered by 47.128.31.16 (ec2-47-128-31-16.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 13:23:29.776202 2025] [security2:error] [pid 24064:tid 24064] [client 47.128.31.16:37268] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||med-engineering.com|F|2"] [data ".sjuz.med-engineering.com.ndw.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "med-engineering.com"] [uri "/uom.sjuz.med-engineering.com.ndw.db"] [unique_id "aTsMIV3u8fS7BZ7bOo8j5QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-06 22:37:30
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-12-05 15:10:35
(7 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
nodepile
2025-11-26 17:56:09
(7 months ago)
Repeatedly blocked bad web bot (tenant=82 method=GET path=/albums/E46Orion/p46orion2.sized.jpg ua='M ...
show more
Repeatedly blocked bad web bot (tenant=82 method=GET path=/albums/E46Orion/p46orion2.sized.jpg ua='Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )')
show less
Bad Web Bot