๐ฎ๐ฉ
David Koswari
2026-06-29 05:35:00
(1 day ago)
REQ_BLOCKED_ACL
DDoS Attack
FTP Brute-Force
Ping of Death
Port Scan
Hacking
SQL Injection
Spoofing
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
SSH
IoT Targeted
๐บ๐ธ
TPI-Abuse
2026-06-20 22:53:43
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 18:53:36.787620 2026] [security2:error] [pid 25731:tid 25731] [client 60.20.50.20:47401] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.grupogasa.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.grupogasa.com"] [uri "/"] [unique_id "ajcZ8GPXpTX8NhC2_7fcRwAAAAA"], referer: http://www.grupogasa.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 23:52:44
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 19:52:36.314797 2026] [security2:error] [pid 10983:tid 10989] [client 60.20.50.20:19639] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||securitymediaservices.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "securitymediaservices.com"] [uri "/"] [unique_id "ai3tRNIjgH3cuDkWZAk7pQAAAIQ"], referer: http://securitymediaservices.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-01 22:32:11
(4 weeks ago)
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 18:32:02.397869 2026] [security2:error] [pid 19077:tid 19077] [client 60.20.50.20:44424] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||surrenderhouse.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "surrenderhouse.com"] [uri "/index.php"] [unique_id "ah4IYrtrW1K6gJ967k-89AAAAAE"], referer: http://surrenderhouse.com/index.php
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-16 20:32:46
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 16:32:41.999427 2026] [security2:error] [pid 23770:tid 23770] [client 60.20.50.20:26734] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||rajabarber.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "rajabarber.com"] [uri "/"] [unique_id "agjUaQvfqi25J8fo_-gbAgAAAAo"], referer: https://rajabarber.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-02 23:57:06
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 19:56:58.724113 2026] [security2:error] [pid 28156:tid 28156] [client 60.20.50.20:39949] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||jetzilla.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jetzilla.com"] [uri "/"] [unique_id "afaPSlzvrNFLZum57PYihgAAAA4"], referer: http://jetzilla.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Sklurk
2026-04-05 03:58:18
(2 months ago)
Web App Attack
Web App Attack
๐จ๐ฆ
1gz
2026-03-30 12:22:11
(3 months ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /
UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฆ๐น
urnilxfgbez
2026-03-21 23:45:00
(3 months ago)
Last 24 Hours suspicious: (DPT=445|DPT=3389|DPT=22|DPT=3306|DPT=8080|DPT=23|DPT=5900|DPT=1433)
Port Scan
๐ต๐ฑ
sefinek.net
2026-03-21 22:01:27
(3 months ago)
Blocked by UFW on PL02 [443/tcp] | SPT: 48488 | TTL: 36 | LEN: 40 | TOS: 0x00 โข Reported by: github. ...
show more
Blocked by UFW on PL02 [443/tcp] | SPT: 48488 | TTL: 36 | LEN: 40 | TOS: 0x00 โข Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
Web App Attack
Anonymous
2026-03-21 04:01:40
(3 months ago)
Unauthorized connection attempt on Port 23
Port Scan
Hacking
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-02-27 22:21:13
(4 months ago)
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 17:21:05.282625 2026] [security2:error] [pid 30408:tid 30443] [client 60.20.50.20:55192] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||jrc3.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jrc3.com"] [uri "/"] [unique_id "aaIY0URwPXOWR4j3vsB6BQAAAUQ"], referer: http://jrc3.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
oncord
2026-02-19 11:50:44
(4 months ago)
Form spam
Web Spam
๐ฎ๐น
VHosting
2026-02-05 22:47:29
(4 months ago)
Detected mail brute force attack from 4 different servers
Brute-Force
๐บ๐ธ
kosada.com
2025-09-27 07:56:20
(9 months ago)
Web bot: DDoS
DDoS Attack
Bad Web Bot