MogBox - AbuseIPDB User Profile

User MogBox joined AbuseIPDB in October 2022 and has reported 28,058 IP addresses.

Standing (weight) is good.

ACTIVE USER WEBMASTER

IP	Date	Comment	Categories
3.14.183.191	23 minutes ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
194.182.79.189	39 minutes ago	(mod_security) mod_security (id:210492) triggered by 194.182.79.189 (CZ/Czechia/host189-79-182-194.s ... show more(mod_security) mod_security (id:210492) triggered by 194.182.79.189 (CZ/Czechia/host189-79-182-194.serverdedicati.aruba.it): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Mar 17 19:57:20.378123 2025] [security2:error] [pid 571789:tid 571827] [client 194.182.79.189:0] [client 194.182.79.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mogbox.net"] [uri "/.env"] [unique_id "Z9i24CaqII7q_V5SrtBJgwAAAEs"] show less	Hacking
52.143.150.25	55 minutes ago	(mod_security) mod_security (id:210492) triggered by 52.143.150.25 (FR/France/-): 1 in the last 3600 ... show more(mod_security) mod_security (id:210492) triggered by 52.143.150.25 (FR/France/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Mar 17 19:40:50.238540 2025] [security2:error] [pid 571789:tid 571826] [client 52.143.150.25:53450] [client 52.143.150.25] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "67.225.186.60"] [uri "/.env"] [unique_id "Z9izAiaqII7q_V5SrtBJHAAAAEo"] show less	Hacking
40.65.197.122	1 hour ago	(RSRCTROLL) Vulnerability Trolling: GET/POST /wp-includes/Text/ 40.65.197.122 (US/United States/-): ... show more(RSRCTROLL) Vulnerability Trolling: GET/POST /wp-includes/Text/ 40.65.197.122 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 40.65.197.122 - - [17/Mar/2025:19:36:21 -0400] "GET /wp-includes/Text/network.php HTTP/2.0" 404 167 "-" "-" show less	Hacking
173.236.208.250	1 hour ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
62.169.20.37	1 hour ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
81.71.88.89	2 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
52.143.150.25	2 hours ago	(mod_security) mod_security (id:210492) triggered by 52.143.150.25 (FR/France/-): 1 in the last 3600 ... show more(mod_security) mod_security (id:210492) triggered by 52.143.150.25 (FR/France/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Mar 17 18:11:03.371567 2025] [security2:error] [pid 489255:tid 489295] [client 52.143.150.25:52842] [client 52.143.150.25] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "67.225.186.60"] [uri "/.env"] [unique_id "Z9id98S8EzZgfbhS4elBmAAAAAg"] show less	Hacking
193.164.17.45	2 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
185.220.206.115	3 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
189.8.95.50	3 hours ago	(mod_security) mod_security (id:5000130) triggered by 189.8.95.50 (BR/Brazil/-): 1 in the last 3600 ... show more(mod_security) mod_security (id:5000130) triggered by 189.8.95.50 (BR/Brazil/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Mar 17 16:45:39.154183 2025] [security2:error] [pid 489703:tid 489738] [client 189.8.95.50:0] [client 189.8.95.50] ModSecurity: Access denied with code 401 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec2.rules.conf"] [line "534"] [id "5000130"] [msg "wp-login request blocked, no referer"] [hostname "mogbox.net"] [uri "/wp-login.php"] [unique_id "Z9iJ8ycezr6igROR43c84AAAAEg"] show less	Hacking
20.205.110.167	3 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
164.92.113.119	4 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
2400:8500:1301:738:133:130:103:36	4 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
135.125.183.119	5 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
128.199.172.101	5 hours ago	(mod_security) mod_security (id:210492) triggered by 128.199.172.101 (SG/Singapore/-): 1 in the last ... show more(mod_security) mod_security (id:210492) triggered by 128.199.172.101 (SG/Singapore/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Mar 17 15:20:21.568587 2025] [security2:error] [pid 489255:tid 489304] [client 128.199.172.101:40428] [client 128.199.172.101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "67.225.186.60"] [uri "/.env"] [unique_id "Z9h19cS8EzZgfbhS4ek9pwAAABE"] show less	Hacking
186.64.116.115	5 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
103.81.84.34	5 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
45.84.107.55	6 hours ago	Web-based Attack: GET /xmlrpc.php?rsd HTTP/2.0	Hacking Web App Attack
167.71.69.173	6 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
192.250.239.61	6 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
185.98.5.118	6 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
172.236.156.242	7 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
65.108.41.171	7 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack
157.245.6.207	7 hours ago	Web-based Attack: POST /xmlrpc.php HTTP/2.0	Hacking Web App Attack