🇳🇱
158.94.210.131
03 Jun 2026
Host is actively being used to spread password stealing malware for macOS. Campaign is run through bogus GitHub projects that have users execute a base64 encoded command that downloads, and executes, the malware.
Hacking
🇩🇪
88.99.147.168
31 May 2026
winio.ai - Site operators use Telegram bots to spam their esports gambling platform
Web Spam
Blog Spam
🇳🇱
2001:67c:2660:425:1a::2ca
20 Sep 2025
(mod_security) mod_security (id:210730) triggered by 2001:67c:2660:425:1a::2ca (Unknown): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 06:33:59.971364 2025] [security2:error] [pid 3223199:tid 3223229] [client 2001:67c:2660:425:1a::2ca:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mogbox.net|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mogbox.net"] [uri "/wallet.dat"] [unique_id "aM6DF97cuVagyC-uX2ctEgAAAEM"]
Hacking
🇸🇬
77.111.245.16
20 Sep 2025
(mod_security) mod_security (id:210730) triggered by 77.111.245.16 (SG/Singapore/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 06:34:00.823016 2025] [security2:error] [pid 3223199:tid 3223235] [client 77.111.245.16:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mogbox.net|F|2"] [data ".dat.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mogbox.net"] [uri "/wallet.dat.backup"] [unique_id "aM6DGN7cuVagyC-uX2ctFQAAAEk"]
Hacking
🇺🇸
2001:67c:2628:647:38:1300:0:307
20 Sep 2025
(mod_security) mod_security (id:210730) triggered by 2001:67c:2628:647:38:1300:0:307 (Unknown): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 06:34:00.121164 2025] [security2:error] [pid 3085907:tid 3085948] [client 2001:67c:2628:647:38:1300:0:307:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mogbox.net|F|2"] [data ".backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mogbox.net"] [uri "/wallet.backup"] [unique_id "aM6DGH68S--oqCadGZWe8AAAAAk"]
Hacking
🇸🇬
184.168.126.97
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇺🇸
43.166.244.251
20 Sep 2025
(mod_security) mod_security (id:210350) triggered by 43.166.244.251 (US/United States/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 05:32:55.892218 2025] [security2:error] [pid 3223199:tid 3223239] [client 43.166.244.251:46894] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||209.59.154.179:80|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "209.59.154.179"] [uri "/"] [unique_id "aM50x97cuVagyC-uX2cr2QAAAE0"]
Hacking
🇺🇸
50.6.152.231
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇺🇸
147.182.196.72
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇳🇱
196.251.88.64
20 Sep 2025
(RSRCTROLL) Vulnerability Trolling: GET/POST /.git/config 196.251.88.64 (NL/The Netherlands/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 196.251.88.64 - - [20/Sep/2025:03:26:07 -0400] "GET /.git/config HTTP/2.0" 404 167 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
Hacking
🇺🇸
49.51.195.195
20 Sep 2025
(mod_security) mod_security (id:210350) triggered by 49.51.195.195 (US/United States/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 02:44:05.796587 2025] [security2:error] [pid 3223199:tid 3223238] [client 49.51.195.195:35518] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||fitchugs.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "fitchugs.com"] [uri "/"] [unique_id "aM5NNd7cuVagyC-uX2cl8wAAAEw"]
Hacking
🇸🇬
178.128.22.21
20 Sep 2025
(mod_security) mod_security (id:210492) triggered by 178.128.22.21 (SG/Singapore/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 02:44:02.289218 2025] [security2:error] [pid 3223199:tid 3223229] [client 178.128.22.21:56580] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "209.59.154.179"] [uri "/.env"] [unique_id "aM5NMt7cuVagyC-uX2cl8QAAAEM"]
Hacking
🇳🇱
196.251.86.9
20 Sep 2025
(mod_security) mod_security (id:210492) triggered by 196.251.86.9 (NL/The Netherlands/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 02:15:07.627365 2025] [security2:error] [pid 3223199:tid 3223221] [remote 196.251.86.9:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mogs.lol"] [uri "/.env"] [unique_id "aM5Ga97cuVagyC-uX2clRQAAUBU"]
Hacking
🇬🇧
139.59.189.244
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇺🇸
43.166.251.233
20 Sep 2025
(mod_security) mod_security (id:210350) triggered by 43.166.251.233 (US/United States/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 01:51:10.505412 2025] [security2:error] [pid 3223199:tid 3223226] [client 43.166.251.233:33124] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.fitchugs.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.fitchugs.com"] [uri "/"] [unique_id "aM5Azt7cuVagyC-uX2ckvgAAAEA"]
Hacking
🇻🇳
14.225.205.165
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇺🇸
13.90.22.100
20 Sep 2025
(RSRCTROLL) Vulnerability Trolling: GET/POST /info.php 13.90.22.100 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 13.90.22.100 - - [20/Sep/2025:01:29:10 -0400] "GET /info.php HTTP/1.1" 301 235 "-" "-"
Hacking
🇺🇸
43.135.186.135
20 Sep 2025
(mod_security) mod_security (id:210350) triggered by 43.135.186.135 (US/United States/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 01:00:49.175129 2025] [security2:error] [pid 3223199:tid 3223239] [client 43.135.186.135:39134] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||209.59.154.179|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "209.59.154.179"] [uri "/"] [unique_id "aM41Ad7cuVagyC-uX2cjKwAAAE0"]
Hacking
🇧🇪
83.217.72.249
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇸🇬
178.128.55.125
20 Sep 2025
(mod_security) mod_security (id:225170) triggered by 178.128.55.125 (SG/Singapore/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Sep 20 00:28:34.230088 2025] [security2:error] [pid 3223199:tid 3223217] [remote 178.128.55.125:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mogbox.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mogbox.net"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "aM4tct7cuVagyC-uX2cicQAASxE"]
Hacking
🇺🇸
132.145.196.107
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇺🇸
190.92.172.106
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇮🇳
2401:4900:8899:8374:b51a:d81d:6c83:f174
20 Sep 2025
Web-based Attack: POST /xmlrpc.php HTTP/2.0
Hacking
Web App Attack
🇸🇪
185.195.233.167
20 Sep 2025
(mod_security) mod_security (id:210492) triggered by 185.195.233.167 (SE/Sweden/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Fri Sep 19 23:45:03.990056 2025] [security2:error] [pid 3223199:tid 3223232] [client 185.195.233.167:35474] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "209.59.154.179"] [uri "/.env"] [unique_id "aM4jP97cuVagyC-uX2cgZwAAAEY"]
Hacking
🇮🇩
43.133.139.6
20 Sep 2025
(mod_security) mod_security (id:210350) triggered by 43.133.139.6 (ID/Indonesia/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Fri Sep 19 22:40:51.038426 2025] [security2:error] [pid 3085907:tid 3085949] [client 43.133.139.6:42404] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||209.59.154.179:80|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "209.59.154.179"] [uri "/"] [unique_id "aM4UM368S--oqCadGZWaAwAAAAo"]
Hacking