๐บ๐ธ
MatCat
2026-07-18 09:35:37
(6 hours ago)
Banned by fail2ban: apache-webprobe
Port Scan
Bad Web Bot
๐ณ๐ด
Bots.go.to.hell
2026-07-17 17:45:29
(22 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-17 15:23:59
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 11:23:44.171496 2026] [security2:error] [pid 1251705:tid 1251730] [client 125.124.7.140:34805] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.certifiedfinancialmanager.aafm.us"] [uri "/.env"] [unique_id "alpJAPzGzcM2m514praKwAAAARU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 12:34:49
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 08:34:43.104576 2026] [security2:error] [pid 764229:tid 764229] [client 125.124.7.140:41522] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "visithastingsvillage.com"] [uri "/.env"] [unique_id "alohY0d_yMB0s91MT79O1AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
000rosiu
2026-07-17 10:52:00
(1 day ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoi ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoint: /.env.test | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc) โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-17 10:45:13
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:45:08.817111 2026] [security2:error] [pid 11923:tid 11923] [client 125.124.7.140:44726] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "advantagebrandservices.advantageinvestigation.com"] [uri "/.env.staging"] [unique_id "aloHtA7I9t9GqPLcRi43ZgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-17 06:38:06
(1 day ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 06:31:37
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:31:27.852958 2026] [security2:error] [pid 18990:tid 18990] [client 125.124.7.140:44689] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.asiancommoditiescorporation.com"] [uri "/.env.prod"] [unique_id "alnMP7vZOq7dZ7RO_RykAAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:10:09
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:10:02.669415 2026] [security2:error] [pid 18185:tid 18185] [client 125.124.7.140:34290] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sprek.net.sprektech.com"] [uri "/backend/.env"] [unique_id "almdCs3W2sLGYpsqNmdUAAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 03:08:11
(1 day ago)
{"reqId":"iKS6u3dwadb00hutk5RG","level":1,"time":"2026-07-17T05:06:04+02:00","remoteAddr":"125.124.7 ...
show more
{"reqId":"iKS6u3dwadb00hutk5RG","level":1,"time":"2026-07-17T05:06:04+02:00","remoteAddr":"125.124.7.140","user":"--","app":"core","method":"GET","url":"/docker-compose.dev.yml","scriptName":"/index.php","message":"Trusted domain error. \"125.124.7.140\" tried to access using \"proxy.khomri.com\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvyxran.love; +https://silver.inc)","version":"34.0.1.2","data":{"app":"core"}}
{"reqId":"er7zOHFsydK2kP2r3xIw","level":1,"time":"2026-07-17T05:06:08+02:00","remoteAddr":"125.124.7.140","user":"--","app":"core","method":"GET","url":"/docker-compose.prod.yml","scriptName":"/index.php","message":"Trusted domain error. \"125.124.7.140\" tried to access using \"proxy.khomri.com\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran; +https://silvy
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 02:50:04
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 22:49:58.611094 2026] [security2:error] [pid 27898:tid 27898] [client 125.124.7.140:40249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "committeeonstates.progressivefileshare.org"] [uri "/.env.bak"] [unique_id "almYVsqWWRqOszCscg99VwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
Olexiy Backend
2026-07-17 02:19:27
(1 day ago)
125.124.7.140
...
Bad Web Bot
Web App Attack
๐บ๐ธ
RH5
2026-07-17 02:14:52
(1 day ago)
Restricted URL probing (/.env) (UTC 2026-07-17 02:14)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:50:52
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:50:43.501052 2026] [security2:error] [pid 23831:tid 23831] [client 125.124.7.140:39464] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "progresstraining.info"] [uri "/.env.dev"] [unique_id "almKc9yRwr3_oQ_WdOizQAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:14:55
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 125.124.7.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:14:49.813448 2026] [security2:error] [pid 62148:tid 62148] [client 125.124.7.140:41194] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jodstar.com"] [uri "/backup/.env"] [unique_id "almCCdgden2IUcjZIRhTPQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack