As an aside, I use CSF Firewall to detect malicious attacks, block the attackers, add the IP’s to an ephemeral blocklist that I maintain, and feed them to AbuseIPDB if they persist.
Many of the reports made on my AbuseIPDB account began with CSF detecting the malicious activity. Others were from various honeypots that I have scattered throughout my sites, as well as spam-detection scripts on many of my contact pages.
It gives me the giggles.
Richard