Anonymous
2026-07-09 17:43:44
(3 days ago)
<jail> banned by fail2ban
Brute-Force
Web App Attack
๐ฉ๐ช
webanyone
2026-07-01 12:00:42
(1 week ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-01 11:59:56
(1 week ago)
Excessive multi-domain requests
Brute-Force
๐ซ๐ฎ
as211431.net
2026-07-01 08:35:04
(1 week ago)
Triggered Cloudflare WAF (firewallCustom) from AU.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from AU.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env.dev
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
ghostwarriors
2026-07-01 05:50:11
(1 week ago)
Attempts against non-existent wp-login
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 03:55:06
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 168.138.23.15 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 168.138.23.15 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:54:58.583496 2026] [security2:error] [pid 15460:tid 15460] [client 168.138.23.15:50918] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.vaxd.cs-mall.com"] [uri "/.env.production"] [unique_id "akSPkjjho9kL7cQkQb17zwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 03:24:30
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 168.138.23.15 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 168.138.23.15 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:24:23.112247 2026] [security2:error] [pid 29585:tid 29585] [client 168.138.23.15:47558] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dbfitwell.securitymontana.com"] [uri "/.env.old"] [unique_id "akSIZ_a7LXqerQuiHoVfVQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 02:00:00
(1 week ago)
Aggressive web scan
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-06-30 23:07:50
(1 week ago)
(mod_security-custom) mod_security (id:210492) triggered by 168.138.23.15 (AU/Australia/Victoria/Bur ...
show more
(mod_security-custom) mod_security (id:210492) triggered by 168.138.23.15 (AU/Australia/Victoria/Burnside/-/[AS31898 ORACLE-BMC-31898]): 1 in the last 3600 secs (0-srv1)
show less
Hacking
๐ฆ๐น
Erpelstolz
2026-06-30 21:53:45
(1 week ago)
VM 131: 168.138.23.15 - - [30/Jun/2026:23:53:44 +0200] "GET /backend/.env HTTP/1.1" 404 6236
Web App Attack
Anonymous
2026-06-30 21:25:03
(1 week ago)
Bot / scanning and/or hacking attempts: GET /.env.production HTTP/1.1, GET /.env.development HTTP/1. ...
show more
Bot / scanning and/or hacking attempts: GET /.env.production HTTP/1.1, GET /.env.development HTTP/1.1, GET /.env.local HTTP/1.1, GET /.env.staging HTTP/1.1, GET /config HTTP/1.1, GET /.env HTTP/1.1, GET / HTTP/1.1, GET /.env.dev HTTP/1.1, GET /.env.prod HTTP/1.1, GET /.env.test HTTP/1.1
show less
Hacking
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-06-30 20:14:11
(1 week ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-06-30 19:40:13
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12
Exploited Host
Web App Attack
๐ฌ๐ง
Oakley
2026-06-30 19:26:32
(1 week ago)
(confirmed_bot_sig) Confirmed bot
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-30 19:20:19
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 168.138.23.15 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 168.138.23.15 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 15:20:11.890462 2026] [security2:error] [pid 26646:tid 26646] [client 168.138.23.15:48518] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ferrarapanfitness.com"] [uri "/.env.development"] [unique_id "akQW64DMNtW2HJZXIpyRiAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack