π¬π§
openstrike.co.uk
2026-06-16 05:15:11
(1 week ago)
12 attacks on env grabbing URLs:
GET /api/.env HTTP/1.1
Hacking
π©πͺ
Viveronese
2026-06-15 20:50:06
(2 weeks ago)
HTTP vulnerability scanning
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 20:32:19
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:32:10.553532 2026] [security2:error] [pid 29803:tid 29803] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:48972] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seacorre.de"] [uri "/api/.env"] [unique_id "ajBhSlkxIAPFGZghudRXJgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 19:59:41
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:59:36.994031 2026] [security2:error] [pid 32545:tid 32625] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:57472] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prismatik.com"] [uri "/.env"] [unique_id "ajBZqHpN2pvC13fJZ-JqywAAAdY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Teufel100
2026-06-15 19:24:32
(2 weeks ago)
ModSecurity rejected a query
Brute-Force
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 19:04:59
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:04:51.680716 2026] [security2:error] [pid 3503:tid 3503] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:54494] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evolutionmedical.help"] [uri "/api/.env"] [unique_id "ajBM0724Z8klaGd6upaN-AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
XICTRON
2026-06-15 18:50:06
(2 weeks ago)
ModSecurity rule violation detected by Fail2Ban
Web App Attack
π¬π§
pinguin
2026-06-15 17:56:30
(2 weeks ago)
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET meth ...
show more
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /database/.env
UA: Go-http-client/1.1
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-15 17:12:59
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:12:52.555764 2026] [security2:error] [pid 18274:tid 18274] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:50852] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rotorservice.com"] [uri "/api/.env"] [unique_id "ajAylLwNlXkd6Fw6-fhu0wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 16:24:58
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:24:49.628423 2026] [security2:error] [pid 26608:tid 26608] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:37390] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guavaroad.com"] [uri "/api/.env"] [unique_id "ajAnUYmIuw4vVCLG_gGzQQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 13:11:23
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 09:11:17.293385 2026] [security2:error] [pid 8689:tid 8689] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:47028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marcedinc.com"] [uri "/api/.env"] [unique_id "ai_59Wy5eLSvTKoDgdwB_QAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 12:38:21
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ...
show more
(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:38:14.561600 2026] [security2:error] [pid 29045:tid 29045] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:48148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gardnercastle.com"] [uri "/api/.env"] [unique_id "ai_yNtsK7HAAmeuUVaPp6gAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
e.fierstra
2026-06-15 12:03:32
(2 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
πΊπ¦
URAN Publishing Service
2026-06-15 11:50:55
(2 weeks ago)
2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 - - [15/Jun/2026:14:50:54 +0300] "GET /app/.env HTTP/1.1" 404 7 ...
show more
2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 - - [15/Jun/2026:14:50:54 +0300] "GET /app/.env HTTP/1.1" 404 729 "-" "Go-http-client/1.1"
2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 - - [15/Jun/2026:14:50:54 +0300] "GET /.env HTTP/1.1" 404 729 "-" "Go-http-client/1.1"
...
show less
Web App Attack
πΊπΈ
dtorrer
2026-06-15 11:36:36
(2 weeks ago)
General vulnerability scan.
Port Scan