๐ท๐บ
DZBOT
2026-06-10 23:02:34
(3 weeks ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ณ๐ฑ
wolfemium
2026-05-12 17:13:22
(1 month ago)
141.101.99.5 - - [12/May/2026:20:12:40 +0300] "GET /php-info.php HTTP/2.0" 502 150 "-" "Mozilla/5.0" ...
show more
141.101.99.5 - - [12/May/2026:20:12:40 +0300] "GET /php-info.php HTTP/2.0" 502 150 "-" "Mozilla/5.0"
141.101.99.5 - - [12/May/2026:20:12:40 +0300] "GET /php.php HTTP/2.0" 502 150 "-" "Mozilla/5.0"
141.101.99.5 - - [12/May/2026:20:12:40 +0300] "GET /i.php HTTP/2.0" 502 150 "-" "Mozilla/5.0"
141.101.99.5 - - [12/May/2026:20:12:41 +0300] "GET /pi.php HTTP/2.0" 502 150 "-" "Mozilla/5.0"
141.101.99.5 - - [12/May/2026:20:13:21 +0300] "GET /js../../app/etc/env.php HTTP/2.0" 502 150 "-" "Mozilla/5.0"
141.101.99.5 - - [12/May/2026:20:13:21 +0300] "GET /img../../app/etc/env.php HTTP/2.0" 502 150 "-" "Mozilla/5.0"
...
show less
DDoS Attack
๐ฌ๐ง
pinguin
2026-05-01 13:04:22
(2 months ago)
Triggered Cloudflare WAF (firewallManaged) from GB.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from GB.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /.env.production
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:138.0) Gecko/20100101 Firefox/138.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฌ๐ง
pinguin
2026-04-24 05:03:33
(2 months ago)
Triggered Cloudflare WAF (firewallManaged) from GB.
Action taken: LOG
Protocol: HTTP/2 (GET method)
...
show more
Triggered Cloudflare WAF (firewallManaged) from GB.
Action taken: LOG
Protocol: HTTP/2 (GET method)
Endpoint: /.env.production.bak
UA: DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-04-09 02:48:13
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 22:48:05.052977 2026] [security2:error] [pid 2547536:tid 2547536] [client 141.101.99.5:10187] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hvac.cloudex.link"] [uri "/.git/refs/heads/main"] [unique_id "adcTZR3lY0ZPGyX_U5c0lAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 19:51:21
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 15:51:14.822511 2026] [security2:error] [pid 3176655:tid 3176655] [client 141.101.99.5:11823] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.desertvacationvillas.com"] [uri "/.env.local.backup"] [unique_id "adaxsranWk8q3d-Ec233fgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 16:06:41
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 12:06:34.436659 2026] [security2:error] [pid 2366254:tid 2366254] [client 141.101.99.5:9422] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "foodnest.com.polydorou.eu"] [uri "/.env.dev"] [unique_id "adZ9ClzUaCBuzBoXU1E0LwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 14:28:23
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 10:28:17.780343 2026] [security2:error] [pid 1951288:tid 1951338] [client 141.101.99.5:11202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.joeandlane.com"] [uri "/.env.json"] [unique_id "adZmAbO8dkndRnHFBCrZKwAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 13:19:19
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 09:19:14.985561 2026] [security2:error] [pid 2144023:tid 2144023] [client 141.101.99.5:11130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.zztp.ws"] [uri "/.env.bak"] [unique_id "adZV0pFM90e7x7llUfG4egAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 12:41:18
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 08:40:56.765017 2026] [security2:error] [pid 2464603:tid 2464603] [client 141.101.99.5:9242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.snowfection.com"] [uri "/.env.test"] [unique_id "adZM2EqWHRfG0-1Vvdz6jgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 12:17:16
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 08:17:07.345373 2026] [security2:error] [pid 2511318:tid 2511318] [client 141.101.99.5:11575] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.hker.org"] [uri "/.env.dev"] [unique_id "adZHQ7ffbPgrncjonIgJtAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 11:31:28
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 07:31:21.841858 2026] [security2:error] [pid 2584480:tid 2584480] [client 141.101.99.5:12367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.bosdkbook.com"] [uri "/docker/.env"] [unique_id "adY8iadtsVQsLu7I3FNnpwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 07:27:11
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 03:27:07.224655 2026] [security2:error] [pid 1966961:tid 1967062] [client 141.101.99.5:12410] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.atechtransmission.com"] [uri "/.env.backup"] [unique_id "adYDSw8JMLE4IUZqUCI0cgAAAIs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 06:32:37
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 02:32:31.631317 2026] [security2:error] [pid 1939280:tid 1939280] [client 141.101.99.5:11687] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rhkglobal.com"] [uri "/.env~"] [unique_id "adX2f0OUaZKLjRcaBJ4ZlAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 05:35:06
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 141.101.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 01:35:01.791724 2026] [security2:error] [pid 3235254:tid 3235254] [client 141.101.99.5:13042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "insecticida.aguasolar.com"] [uri "/docker/.env"] [unique_id "adXpBVDtvU8U5rr8yGjDMQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack