๐บ๐ธ
brightenfield
2026-07-07 16:38:13
(58 minutes ago)
Web App Attack
Web App Attack
๐ซ๐ท
LRob
2026-07-07 16:32:10
(1 hour ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: ["/.env.production.local","/.env.development.loc ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: ["/.env.production.local","/.env.development.local","/.envrc","/env.json","/app/.env"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"]
show less
Hacking
๐ฌ๐ง
WebNiraj
2026-07-07 14:58:25
(2 hours ago)
(mod_security) mod_security (id:949110) triggered by 47.250.40.154 (MY/Malaysia/-): 5 in the last 36 ...
show more
(mod_security) mod_security (id:949110) triggered by 47.250.40.154 (MY/Malaysia/-): 5 in the last 3600 secs [SIGMA]
show less
Brute-Force
๐จ๐ฟ
ptlab
2026-07-07 14:45:04
(2 hours ago)
Detected env_leak attack from WP-host.
Hacking
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-07 12:56:01
(4 hours ago)
trying wp-login.php/xmlrpc.php 43 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
JustMeHere
2026-07-07 12:49:30
(4 hours ago)
[Tue Jul 07 08:49:24.653028 2026] [security2:error] [pid 23695:tid 23825] [client 47.250.40.154:5899 ...
show more
[Tue Jul 07 08:49:24.653028 2026] [security2:error] [pid 23695:tid 23825] [client 47.250.40.154:58990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "mail.yorknation.com"] [uri "/.env.local"] [unique_id "akz11PriEUEYdQwv6XbN_QAAABM"]
...
show less
Web App Attack
๐ง๐ท
vfAcceloReporter
2026-07-07 12:38:45
(4 hours ago)
47.250.40.154 - - [07/Jul/2026:09:38:45 -0300] "GET /.env.development HTTP/1.1" 301 169 "-" "Mozilla ...
show more
47.250.40.154 - - [07/Jul/2026:09:38:45 -0300] "GET /.env.development HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
...
show less
Brute-Force
Web App Attack
Exploited Host
๐ฉ๐ช
FeG Deutschland
2026-07-07 11:14:14
(6 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐ฉ๐ช
rzk
2026-07-07 11:07:06
(6 hours ago)
CrowdSec scenario: crowdsecurity/http-sensitive-files. Banned by Koru Cloud platform after multi-eve ...
show more
CrowdSec scenario: crowdsecurity/http-sensitive-files. Banned by Koru Cloud platform after multi-event detection. ASN: Alibaba US Technology Co., Ltd.. Country: MY. Timestamp: 2026-07-07T11:07:05+00:00.
show less
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-07 07:19:43
(10 hours ago)
Excessive multi-domain requests
Brute-Force
๐จ๐ฆ
1gz
2026-07-07 04:22:06
(13 hours ago)
Triggered Cloudflare WAF (firewallManaged) from MY.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET meth ...
show more
Triggered Cloudflare WAF (firewallManaged) from MY.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp-config.php~
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2026-07-07 01:48:37
(15 hours ago)
47.250.40.154 - - [07/Jul/2026:03:48:31 +0200] "GET /secrets.json HTTP/1.1" 403 12583 "-" "Mozilla/5 ...
show more
47.250.40.154 - - [07/Jul/2026:03:48:31 +0200] "GET /secrets.json HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
47.250.40.154 - - [07/Jul/2026:03:48:32 +0200] "GET /credentials.json HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
47.250.40.154 - - [07/Jul/2026:03:48:32 +0200] "GET /cdp_api_key.json HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
47.250.40.154 - - [07/Jul/2026:03:48:32 +0200] "GET /app.js HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
47.250.40.154 - - [07/Jul/2026:03:48:33 +0200] "GET /main.js HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64
...
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-07 01:44:30
(15 hours ago)
CrowdSec: crowdsecurity/http-sensitive-files | req: ["/.env.local","/.env.development","/.env.dev"," ...
show more
CrowdSec: crowdsecurity/http-sensitive-files | req: ["/.env.local","/.env.development","/.env.dev","/.env.prod","/.env.test"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"]
show less
Hacking
๐ฒ๐พ
Rizzy
2026-07-07 00:36:37
(17 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ฉ๐ช
paissangroup
2026-07-06 23:55:08
(17 hours ago)
Multiple WAF Violations
Web App Attack