🇺🇸
TPI-Abuse
2026-07-01 09:41:04
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 112.213.38.58 (112.213.38.58): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 05:40:56.431959 2026] [security2:error] [pid 1807:tid 1807] [client 112.213.38.58:51048] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.discover.tracybur.net"] [uri "/.env"] [unique_id "akTgqKXwxzpsMUvJme46zQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇮
as211431.net
2026-07-01 08:35:00
(1 day ago)
Triggered Cloudflare WAF (firewallCustom) from AU.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env.development
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇬🇧
Axel
2026-07-01 04:08:07
(1 day ago)
Blocked by Fail2Ban. Flagged by jail recidive | UK-01
Brute-Force
🇬🇧
Axel
2026-07-01 03:52:02
(1 day ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env.production.local Server: UK-01
Web App Attack
Hacking
SQL Injection
🇺🇸
TPI-Abuse
2026-07-01 03:24:26
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 112.213.38.58 (112.213.38.58): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:24:18.102213 2026] [security2:error] [pid 27281:tid 27281] [client 112.213.38.58:58164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dbfitwell.securitymontana.com"] [uri "/.env.save"] [unique_id "akSIYvVLORtDEKv4Vxw82wAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
voormedia
2026-07-01 02:53:58
(1 day ago)
Accessed trap at '/docker-compose.yml'
Web App Attack
Anonymous
2026-06-30 23:33:03
(2 days ago)
112.213.38.58 - - [01/Jul/2026:01:33:03 +0200] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
Web App Attack
🇳🇱
wlt-blocker
2026-06-30 23:32:33
(2 days ago)
Unauthorized access to webpage admin
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 23:18:01
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 112.213.38.58 (112.213.38.58): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 19:17:56.905988 2026] [security2:error] [pid 25565:tid 25565] [client 112.213.38.58:48992] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arborterra.org"] [uri "/.env.save"] [unique_id "akROpNIy8kAnwM81fpSuWQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇱
Mangelot Hosting
2026-06-30 22:29:10
(2 days ago)
(modsecurity) srv101 ModSecurity 112.213.38.58 (AU/Australia/112.213.38.58): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 21:25:53
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 112.213.38.58 (112.213.38.58): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 17:25:46.621576 2026] [security2:error] [pid 19208:tid 19230] [client 112.213.38.58:60336] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nicholsinvest.com"] [uri "/.env.development"] [unique_id "akQ0WguUjo69gthu0Y3_xAAAAE4"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇿
Tripwire
2026-06-30 21:18:58
(2 days ago)
Scanning for exploits - /.env.local
Web App Attack
🇷🇺
DZBOT
2026-06-30 20:39:51
(2 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
🇩🇪
ger-stg-sifi1
2026-06-30 20:39:32
(2 days ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 20:35:18
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 112.213.38.58 (112.213.38.58): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 16:35:12.623510 2026] [security2:error] [pid 10568:tid 10568] [client 112.213.38.58:44742] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.giff.cloud.fiyaplatform.com"] [uri "/.env.old"] [unique_id "akQogO5OT6sPM9CJVjLoFQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack