π―π΅
S.O.B.A. Dev.
2026-03-09 23:04:01
(3 months ago)
Web vulnerability scanning
Brute-Force
Web Spam
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-09 16:37:16
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 12:37:11.507350 2026] [security2:error] [pid 17302:tid 17302] [client 98.159.226.31:51379] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hodlmoser.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hodlmoser.com"] [uri "/bak/mysql.sql"] [unique_id "aa73NyfPmbFiHne5t_-amAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
BlueWire Hosting
2026-03-09 08:10:28
(3 months ago)
Suspicious HTTP(s) activity without a user agent provided
Bad Web Bot
Anonymous
2026-03-03 20:58:19
(4 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2026-03-03 18:25:45
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 13:25:36.527277 2026] [security2:error] [pid 7057:tid 7057] [client 98.159.226.31:29355] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "qcryptocoin.com"] [uri "/bak/sftp-config.json"] [unique_id "aacnoBA0yiU5b0y8idQdsAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
Axel
2026-03-03 13:34:02
(4 months ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /backup/sftp- ...
show more
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /backup/sftp-config.json Server: UK-01
show less
Web App Attack
Hacking
SQL Injection
πΊπΈ
TPI-Abuse
2026-03-02 07:36:44
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 02 02:36:39.349301 2026] [security2:error] [pid 5511:tid 5511] [client 98.159.226.31:48457] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||intercotrading.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "intercotrading.com"] [uri "/restore/www.sql"] [unique_id "aaU-B5HWeDkguk9age1IUQAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π΅πΎ
armandosaucedo.me
2026-02-28 01:47:57
(4 months ago)
98.159.226.31 - - [28/Feb/2026:01:47:53 +0000] "HEAD /back/backup.sql HTTP/1.1" 403 - "-" "-"
Web App Attack
π³πΏ
Tripwire
2026-02-23 23:45:01
(4 months ago)
Scanning for exploits - /backup/public_html.tar
Web App Attack
π¬π§
pinguin
2026-02-20 03:21:47
(4 months ago)
Triggered Cloudflare WAF (firewallManaged) from NL.
Action taken: LOG
Protocol: HTTP/1.1 (HEAD metho ...
show more
Triggered Cloudflare WAF (firewallManaged) from NL.
Action taken: LOG
Protocol: HTTP/1.1 (HEAD method)
Endpoint: /backups/wallet.dat
UA: Empty string
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-02-19 19:05:53
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 14:05:48.167060 2026] [security2:error] [pid 9274:tid 9274] [client 98.159.226.31:45331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3dsportschannel.com"] [uri "/back/sftp-config.json"] [unique_id "aZdfDP2Am33ECkdLnECYNAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-15 06:54:05
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:53:57.740049 2026] [security2:error] [pid 28596:tid 28596] [client 98.159.226.31:22361] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||jussetcotradinglimited.co|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jussetcotradinglimited.co"] [uri "/www.sql"] [unique_id "aZFtha9Emqu5LOf1t9swFwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-13 19:32:27
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 14:32:22.396543 2026] [security2:error] [pid 16903:tid 16903] [client 98.159.226.31:31589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mindtoken.app"] [uri "/old/sftp-config.json"] [unique_id "aY98RqTlwejhcdMWybqgdwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-12 04:17:34
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 23:17:29.868128 2026] [security2:error] [pid 10689:tid 10689] [client 98.159.226.31:56799] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||trafficstopper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "trafficstopper.com"] [uri "/restore/sql.sql"] [unique_id "aY1UWXviexY53WiDdvn4tQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-12 02:41:13
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 98.159.226.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 21:41:09.318730 2026] [security2:error] [pid 24907:tid 24907] [client 98.159.226.31:52873] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mpaexchangeinc.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mpaexchangeinc.com"] [uri "/restore/wallet.dat"] [unique_id "aY09xcoaW2Vq_cTMOIlPEgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack