๐ณ๐ฑ
Site.eu
2025-09-08 07:26:19
(10 months ago)
Excessive multi-domain requests
Brute-Force
Anonymous
2025-09-08 06:00:00
(10 months ago)
.env directory scanning
Web App Attack
๐ซ๐ฎ
as211431.net
2025-09-08 03:27:42
(10 months ago)
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /config/.env
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/22.0.632.88 Safari/535.19
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ซ๐ท
dynamix
2025-09-07 21:48:32
(10 months ago)
Multiple WAF Violations
Web App Attack
๐จ๐ฆ
polycoda
2025-09-07 11:53:04
(10 months ago)
๐งญ vhost fuzzing
Hacking
Web App Attack
๐ฒ๐พ
Rizzy
2025-09-07 00:46:04
(10 months ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-07 00:34:27
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 20:34:20.221120 2025] [security2:error] [pid 27725:tid 27725] [client 18.136.193.178:48452] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jcrluthier.com"] [uri "/.env"] [unique_id "aLzTDLWUTMlCTGWsQjFlUwAAADw"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-07 00:33:07
(10 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2025-09-06 23:08:40
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 19:08:36.413411 2025] [security2:error] [pid 1161029:tid 1161038] [client 18.136.193.178:51628] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jazzzcatz.com"] [uri "/.env"] [unique_id "aLy-9Kd0B_B1SISeH1QNiAAAAAc"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
breubit
2025-09-06 22:17:32
(10 months ago)
18.136.193.178 - - [07/Sep/2025:00:17:32 +0200] "GET /.env HTTP/1.1" 301 597 "https://www.google.com ...
show more
18.136.193.178 - - [07/Sep/2025:00:17:32 +0200] "GET /.env HTTP/1.1" 301 597 "https://www.google.com/" "Mozilla/5.0 (Windows; U; MSIE 8.0; Linux i386; .NET CLR 3.0.5274; X11)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-06 22:00:29
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 18:00:25.586868 2025] [security2:error] [pid 16198:tid 16198] [client 18.136.193.178:35542] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jbservicesinc.net"] [uri "/.env"] [unique_id "aLyu-XpNSqMvZ_fY0VZBowAAAAg"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2025-09-06 21:59:06
(10 months ago)
Auto-ban: >500 bad req/min on 2025-09-05
Hacking
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2025-09-06 20:18:11
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 16:18:05.081016 2025] [security2:error] [pid 20192:tid 20192] [client 18.136.193.178:48454] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aoklandco.com"] [uri "/.env"] [unique_id "aLyW_fKSC8IJDTgUnPfJxgAAABo"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-06 14:28:47
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast ...
show more
(mod_security) mod_security (id:210492) triggered by 18.136.193.178 (ec2-18-136-193-178.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 10:28:42.208185 2025] [security2:error] [pid 3507:tid 3507] [client 18.136.193.178:56324] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daveroozendaal.chezlubacov.xyz"] [uri "/.env"] [unique_id "aLxFGp-SOupmkUAi4Gh0EwAAABA"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-06 13:04:41
(10 months ago)
Multiple web server 400 error codes from same source ip
Web App Attack