๐ฆ๐บ
MAGIC
2025-10-05 03:00:37
(9 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐ช๐ธ
tutaim.com
2025-09-19 22:00:28
(9 months ago)
โ [20/09/25] This IP has been detected performing multiple attacks on websites (3 attempts blocked). ...
show more
โ [20/09/25] This IP has been detected performing multiple attacks on websites (3 attempts blocked). Potential malicious activity.
show less
FTP Brute-Force
Brute-Force
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2025-09-19 19:09:45
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (107-174-2-38-host.colocrossing.co ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (107-174-2-38-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 19 15:09:38.845912 2025] [security2:error] [pid 17172:tid 17172] [client 107.174.2.38:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/.env"] [unique_id "aM2qciWmGCLhSvdgNb22ZwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Roper123
2025-09-19 19:05:47
(9 months ago)
Web exploits
Web App Attack
๐บ๐ธ
MogBox
2025-09-19 18:14:02
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (US/United States/107-174-2-38-hos ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (US/United States/107-174-2-38-host.colocrossing.com): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Fri Sep 19 14:13:51.780354 2025] [security2:error] [pid 3085907:tid 3085936] [remote 107.174.2.38:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mogs.lol"] [uri "/.env"] [unique_id "aM2dX368S--oqCadGZWTLQAAAxc"]
show less
Hacking
๐ฌ๐ง
Swiptly
2025-09-19 16:38:25
(9 months ago)
Bot scanning for environment files .env .env/\*
...
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-19 15:44:34
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (107-174-2-38-host.colocrossing.co ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (107-174-2-38-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 19 11:44:28.188585 2025] [security2:error] [pid 31319:tid 31319] [client 107.174.2.38:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cheferica.com"] [uri "/.env"] [unique_id "aM16XLE_ltXHyvAREvlFOQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
kjaerulff
2025-09-19 13:55:02
(9 months ago)
Probed for .env vounabilities - 2 times
Web App Attack
๐ฌ๐ง
pinguin
2025-09-19 11:54:06
(9 months ago)
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET meth ...
show more
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env
UA: Empty string
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ช๐ธ
tutaim.com
2025-09-19 10:00:25
(9 months ago)
โ [19/09/25] This IP has been detected performing multiple attacks on websites (3 attempts blocked). ...
show more
โ [19/09/25] This IP has been detected performing multiple attacks on websites (3 attempts blocked). Potential malicious activity.
show less
FTP Brute-Force
Brute-Force
Web App Attack
SSH
๐ฉ๐ช
bryth
2025-09-19 09:27:02
(9 months ago)
Wordpress login/xmlrpc abuse (Fri Sep 19 09:25:37 AM UTC 2025)
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-19 08:46:44
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (107-174-2-38-host.colocrossing.co ...
show more
(mod_security) mod_security (id:210492) triggered by 107.174.2.38 (107-174-2-38-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 19 04:46:41.278735 2025] [security2:error] [pid 28819:tid 28819] [client 107.174.2.38:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "caspina.com"] [uri "/.env"] [unique_id "aM0YcW_TLoJf0eZ28xNrwAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
advena
2025-09-19 07:30:56
(9 months ago)
107.174.2.38 (AS36352 AS-COLOCROSSING) was intercepted at 2025-09-19T07:19:53Z after violating WAF d ...
show more
107.174.2.38 (AS36352 AS-COLOCROSSING) was intercepted at 2025-09-19T07:19:53Z after violating WAF directive: 874a3e315c344b1281ad4f00046aab6f. Pre-cautionary/corrective action applied: block.
show less
Web Spam
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
myagent.site
2025-09-19 07:25:08
(9 months ago)
Blocking for trying to access an exploit file: /.env
Hacking
๐ซ๐ท
โจ
2025-09-19 04:46:03
(9 months ago)
Domain : tripoli-spain.org
Rule : env
2025-09-19 04:44:51 152.53.151.170 GET /.env - 80 - 172.70.207 ...
show more
Domain : tripoli-spain.org
Rule : env
2025-09-19 04:44:51 152.53.151.170 GET /.env - 80 - 172.70.207.203 HTTP/1.1 - - tripoli-spain.org 301 0 0 344 298 149 - 107.174.2.38
show less
Hacking
SQL Injection