🇺🇦
URAN Publishing Service
2026-07-01 06:00:40
(6 hours ago)
121.229.41.72 - - [01/Jul/2026:09:00:39 +0300] "GET /app/.env HTTP/1.1" 404 741 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
121.229.41.72 - - [01/Jul/2026:09:00:39 +0300] "GET /src/.env HTTP/1.1" 404 741 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
...
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 04:03:56
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 00:03:50.229515 2026] [security2:error] [pid 19182:tid 19182] [client 121.229.41.72:56180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pattifox.com"] [uri "/.env.local"] [unique_id "akSRpuqLyI9U0vYylmhSrgAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 03:23:41
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:23:36.117675 2026] [security2:error] [pid 27990:tid 27990] [client 121.229.41.72:51313] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dbfitwell.securitymontana.com"] [uri "/.env.dev"] [unique_id "akSIOJskfF6qKEj60ghKUAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
boxed-it
2026-07-01 03:10:53
(9 hours ago)
GET /config/.env (Tarpitted for 2m10s, wasted 7.73kB)
Web App Attack
Anonymous
2026-07-01 03:03:59
(9 hours ago)
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy - zero tolerance for exploit scanning. Banned Jul 1, 03:03 UTC. Origin: China, Shanghai.
Hacking
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 01:17:15
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 21:17:07.100804 2026] [security2:error] [pid 13145:tid 13145] [client 121.229.41.72:37592] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "littlehornengineering.com"] [uri "/.env.prod"] [unique_id "akRqk5sI00OX5d39Zrdy4gAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇮
as211431.net
2026-06-30 22:55:39
(13 hours ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env.backup
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇫🇷
Rom74
2026-06-30 22:04:57
(14 hours ago)
[Wed Jul 01 00:04:54.755117 2026] [security2:error] [pid 878426:tid 128212367460032] [client 121.229.41.72:35599] [client 121.229.41.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nextcloud.ton-espace.com"] [uri "/temp/.env"] [unique_id "akQ9hrHFeLf3qe3Bfswd_gAAAAQ"]
[Wed Jul 01 00:04:55.197591 2026] [security2:error] [pid 878426:tid 128212088649408] [client 121.229.41.72:35599] [client 121.229.41.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Ex
...
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 21:25:24
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 17:25:18.155643 2026] [security2:error] [pid 20761:tid 20809] [client 121.229.41.72:57992] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nicholsinvest.com"] [uri "/.env"] [unique_id "akQ0PhCc6jmWZg9CohtG1wAAAcg"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
SwinT
2026-06-30 21:00:09
(15 hours ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
Anonymous
2026-06-30 19:44:38
(16 hours ago)
Aggressive web scan
Web App Attack
🇩🇪
Roper123
2026-06-30 19:26:34
(16 hours ago)
Web exploits
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 17:00:16
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 13:00:09.606888 2026] [security2:error] [pid 15963:tid 15963] [client 121.229.41.72:40276] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thevoice4you.eu"] [uri "/.env~"] [unique_id "akP2GdvKRCj7xeh9x8GW2gAAAFw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 13:50:31
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 09:50:24.732471 2026] [security2:error] [pid 12397:tid 12397] [client 121.229.41.72:48418] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lphalloweenparty.joesteiner.com"] [uri "/.env.prod"] [unique_id "akPJoIisOqaArWd99kxDeAAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 11:09:42
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 121.229.41.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 07:09:38.323568 2026] [security2:error] [pid 24899:tid 24899] [client 121.229.41.72:54493] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bluewireproject.com"] [uri "/.env.staging"] [unique_id "akOj8pil6wnXMtWLbU-VEgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack