๐บ๐ธ
n2nguyenn2nguyen
2026-07-16 08:48:17
(5 minutes ago)
Blocked by YFC Security on https://fencingforward.com โ type: directory_scan_attempts
Web App Attack
๐ฎ๐ณ
evicky2002
2026-07-16 06:00:00
(2 hours ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ซ๐ฎ
as211431.net
2026-07-16 02:25:16
(6 hours ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
ghostwarriors
2026-07-15 20:50:20
(12 hours ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 18:14:13
(14 hours ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET /.git/config HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
infra-monitor
2026-07-15 18:00:04
(14 hours ago)
Automated ban via infra-monitor: suspicious-probe
Port Scan
๐ฎ๐น
CoreTech srl
2026-07-15 16:43:56
(16 hours ago)
cloudlinux2 fail2ban: 2026-07-15 18:39:49,617 fail2ban.filter [1812]: INFO [plesk-wordpre ...
show more
cloudlinux2 fail2ban: 2026-07-15 18:39:49,617 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 216.24.219.112 - 2026-07-15 18:39:48cloudlinux2 fail2ban: 2026-07-15 18:39:53,629 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 216.24.219.112 - 2026-07-15 18:39:53cloudlinux2 fail2ban: 2026-07-15 18:40:01,283 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 172.98.32.14 - 2026-07-15 18:40:00cloudlinux2 fail2ban: 2026-07-15 18:40:01,531 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 172.98.32.17 - 2026-07-15 18:40:00cloudlinux2 fail2ban: 2026-07-15 18:41:47,743 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 35.196.195.158 - 2026-07-15 18:41:47cloudlinux2 fail2ban: 2026-07-15 18:42:19,199 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 52.90.211.134 - 2026-07-15 18:42:19cloudlinux2 fail2ban: 2026-07-15 18:42:17,300 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 52.90.211.134 - 2026-07-15 18:42:17cl
show less
Web App Attack
๐ฌ๐ง
Mendip_Defender
2026-07-15 16:09:45
(16 hours ago)
[15/Jul/2026:17:09:35.225460 +0100] alewv_BuhZyPKchL3rKbmwAAAJc 52.90.211.134 51378 188.246.206.60 7 ...
show more
[15/Jul/2026:17:09:35.225460 +0100] alewv_BuhZyPKchL3rKbmwAAAJc 52.90.211.134 51378 188.246.206.60 7081
[15/Jul/2026:17:09:35.570987 +0100] alewv61HvCnB8z4fRtY_xgAAAFA 52.90.211.134 51388 188.246.206.60 7081
...
show less
Brute-Force
๐ฉ๐ช
ger-stg-sifi1
2026-07-15 13:48:14
(19 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 12:32:27
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 08:32:21.490379 2026] [security2:error] [pid 4869:tid 4869] [client 52.90.211.134:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thectegroup.net"] [uri "/.env"] [unique_id "ald91Tb1bqGIRblqFEnxSQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 11:55:13
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:55:06.206764 2026] [security2:error] [pid 18469:tid 18469] [client 52.90.211.134:49310] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.albuquerquelimobus.com"] [uri "/.env"] [unique_id "ald1GoqmbeGNLdNaJZsRNQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 11:25:15
(21 hours ago)
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:25:11.525314 2026] [security2:error] [pid 17962:tid 17962] [client 52.90.211.134:53156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "listerman.org"] [uri "/.git/config"] [unique_id "alduF-rqMtubdGuKxf63bAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 08:21:20
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 04:21:14.254486 2026] [security2:error] [pid 9037:tid 9037] [client 52.90.211.134:33058] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cmcnow.net"] [uri "/.env"] [unique_id "aldC-trXlm410lGwV6M2RAAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 08:02:32
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 04:02:25.929929 2026] [security2:error] [pid 22447:tid 22447] [client 52.90.211.134:38026] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lovelybeyondwords.com"] [uri "/.git/config"] [unique_id "alc-kZomhLi0VlXnvgLp0gAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 07:42:57
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amaz ...
show more
(mod_security) mod_security (id:210492) triggered by 52.90.211.134 (ec2-52-90-211-134.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 03:42:53.136879 2026] [security2:error] [pid 13233:tid 13233] [client 52.90.211.134:33980] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "serranoscoffee.com"] [uri "/.env"] [unique_id "alc5_UWBZlC-unDIh5muKgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack