Anonymous
2026-06-30 07:05:13
(1 week ago)
Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=72
Hacking
๐ฉ๐ช
Gwyneth Llewelyn
2026-06-30 06:22:48
(1 week ago)
2026/06/30 07:22:46 [error] 1094874#1094874: *2214997 access forbidden by rule, client: 113.142.143. ...
show more
2026/06/30 07:22:46 [error] 1094874#1094874: *2214997 access forbidden by rule, client: 113.142.143.20, server: [redacted], request: "GET /frontend/.env HTTP/1.1", host: "[redacted]"
2026/06/30 07:22:46 [error] 1094874#1094874: *2214997 access forbidden by rule, client: 113.142.143.20, server: [redacted], request: "GET /api/.env HTTP/1.1", host: "[redacted]"
2026/06/30 07:22:47 [error] 1094874#1094874: *2214997 access forbidden by rule, client: 113.142.143.20, server: [redacted], request: "GET /server/.env HTTP/1.1", host: "[redacted]"
show less
Brute-Force
Web App Attack
๐บ๐ธ
Lee Daniel
2026-06-30 06:05:25
(1 week ago)
113.142.143.20 - - [30/Jun/2026:02:05:12 -0400] "GET /config/secrets.yml HTTP/1.1" 404 24435 "-" "Mo ...
show more
113.142.143.20 - - [30/Jun/2026:02:05:12 -0400] "GET /config/secrets.yml HTTP/1.1" 404 24435 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
113.142.143.20 - - [30/Jun/2026:02:05:13 -0400] "GET /config/master.key HTTP/1.1" 404 24439 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
113.142.143.20 - - [30/Jun/2026:02:05:18 -0400] "GET /config/app.php HTTP/1.1" 404 24428 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
113.142.143.20 - - [30/Jun/2026:02:05:19 -0400] "GET /application.properties HTTP/1.1" 404 24436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
113.142.143.20 - - [30/Jun/2026:02:05:25 -0400] "GET /application.yaml HTTP/1.1" 404 24430 "-" "Mozil
...
show less
DDoS Attack
Web Spam
Email Spam
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
khlab
2026-06-29 00:50:54
(1 week ago)
Honeypot triggered on web app: probed /.env
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 05:38:42
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 113.142.143.20 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 113.142.143.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 01:38:25.325816 2026] [security2:error] [pid 28646:tid 28656] [client 113.142.143.20:42168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.surdick.com.faimreps.com"] [uri "/.env"] [unique_id "aj9h0RsYjGwLUTdcCOslbAAAAMA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-06-26 22:03:08
(1 week ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-25.
show less
Web App Attack
SSH
Hacking
๐ฉ๐ช
Carsten
2026-06-26 15:36:58
(1 week ago)
GET [.env.local]
Port Scan
๐ณ๐ฑ
homeshowdomain.nl
2026-06-25 22:03:30
(2 weeks ago)
Auto-ban: >3000 req/min op 2026-06-25
Web App Attack
SSH
Hacking
๐จ๐ญ
flaus
2026-06-25 21:33:36
(2 weeks ago)
$f2bV_matches
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 16:15:04
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 113.142.143.20 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 113.142.143.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 12:14:55.413778 2026] [security2:error] [pid 14730:tid 14756] [client 113.142.143.20:53592] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aceelectricalsupplies.com"] [uri "/.env.production"] [unique_id "aj1T_-V2BQ1HhYbRNdanoAAAAZg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Vano Ganzzz
2026-06-25 12:19:14
(2 weeks ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
ASN: 134768 (CHINANET SHAANXI ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
ASN: 134768 (CHINANET SHAANXI province Cloud Base network)
Protocol: HTTP/1.1 (GET method)
Endpoint: /config
Timestamp: 2026-06-25T12:19:14Z
Ray ID: a113eb5c9c761c7c
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
show less
Bad Web Bot
๐ซ๐ฎ
as211431.net
2026-06-25 08:56:19
(2 weeks ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /config
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot