๐บ๐ธ
Peter Racine
2026-07-08 17:12:00
(2 days ago)
Credential stuffing - exchange accounts
Brute-Force
๐บ๐ธ
cwytech
2026-05-30 10:42:49
(1 month ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/tpot-web-high.
Bad Web Bot
Web App Attack
Anonymous
2026-03-28 10:24:25
(3 months ago)
Forum/form spam
Web Spam
๐ซ๐ฎ
as211431.net
2026-02-12 07:37:40
(4 months ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env.staging
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฏ๐ต
Valhalla
2026-02-11 19:21:08
(4 months ago)
/config/.env
Hacking
Web App Attack
๐จ๐ฑ
ifiguero
2026-02-10 06:29:21
(5 months ago)
Web Attack (\x00\x00\x00\x00\x00). 7d ban
Web App Attack
๐บ๐ธ
jcbriar
2026-02-10 05:17:43
(5 months ago)
Searching for vulnerable scripts
Hacking
Web App Attack
๐ฌ๐ง
Axel
2026-02-09 20:49:23
(5 months ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env.staging
Hacking
SQL Injection
Web App Attack
๐ฉ๐ช
Packets-Decreaser.NET
2025-12-29 14:01:37
(6 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
๐ฎ๐น
VHosting
2025-12-23 15:20:20
(6 months ago)
Detected attack and reported by a human
DDoS Attack
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
SSH
๐บ๐ธ
TPI-Abuse
2025-11-24 08:15:22
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:15:18.557302 2025] [security2:error] [pid 23289:tid 23289] [client 216.26.227.124:26943] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nlc-calumet.org"] [uri "/.env"] [unique_id "aSQUFjA28g6WR4CnivBEkQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 07:18:15
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:18:10.447697 2025] [security2:error] [pid 12102:tid 12123] [client 216.26.227.124:54257] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.debtsuspensionrights.credit-card-cap.com"] [uri "/.env"] [unique_id "aSQGsvW9q1mxetu5lC-LLwAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 06:38:29
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:38:23.425049 2025] [security2:error] [pid 12916:tid 12916] [client 216.26.227.124:24335] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.rjdyckarchitect.com"] [uri "/.svn/wc.db"] [unique_id "aSP9X6Y2Uepv8j9PSjunvwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 05:17:51
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:17:35.556120 2025] [security2:error] [pid 24542:tid 24542] [client 216.26.227.124:15083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.hometoamerica.com"] [uri "/.env"] [unique_id "aSPqb5f_0PLiKynznnUXyQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-24 04:57:02
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 216.26.227.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:56:37.040750 2025] [security2:error] [pid 19630:tid 19630] [client 216.26.227.124:36765] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.slpawb.com"] [uri "/.svn/wc.db"] [unique_id "aSPlhRrywxCc_K2pF_YOoQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack