JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.143.203.18

41.143.203.18 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 100%: ?

100%

ISP	ADSL_Maroc_telecom
Usage Type	Fixed Line ISP
ASN	AS36903
Domain Name	menara.ma
Country	🇲🇦 Morocco
City	Kenitra, Rabat-Sale-Kenitra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.143.203.18

Whois 41.143.203.18

IP Abuse Reports for 41.143.203.18:

This IP address has been reported a total of 50 times from 33 distinct sources. 41.143.203.18 was first reported on June 14th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-06-14 23:36:54 (2 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 23:16:51 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:16:46.421124 2026] [security2:error] [pid 1285:tid 1354] [client 41.143.203.18:54072] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "designshopadmin.com"] [uri "/.env"] [unique_id "ai82XkefYcjENMBE-S2FKAAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 22:51:41 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 18:51:33.997589 2026] [security2:error] [pid 17157:tid 17157] [client 41.143.203.18:61300] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "skyfall-estate.com"] [uri "/.env"] [unique_id "ai8wdb0jt6OtDZtdyt7s8QAAADg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ut-addicted.com	2026-06-14 22:48:58 (3 hours ago)	\[Mon Jun 15 00:48:57.007369 2026\] \[:error\] \[pid 19728:tid 139785769273088\] \[client 41.143.203 ... show more \[Mon Jun 15 00:48:57.007369 2026\] \[:error\] \[pid 19728:tid 139785769273088\] \[client 41.143.203.18:62433\] \[client 41.143.203.18\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "ut-addicted.com"\] \[uri "/.env"\] \[unique_id "ai8v2ahuNTwW5ojFayOiSAAAAM0"\] show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 21:39:45 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 17:39:37.927475 2026] [security2:error] [pid 1301:tid 1301] [client 41.143.203.18:9791] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paintriver.com"] [uri "/.env"] [unique_id "ai8fmcq5hORcSoxsw2B6wgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 zwebvigil	2026-06-14 21:25:39 (4 hours ago)	41.143.203.18 [14/Jun/2026:14:25:37 -0700] "GET /.env HTTP/1.1" 404 196 "-" port=53914 "Mozilla/5.0 ... show more 41.143.203.18 [14/Jun/2026:14:25:37 -0700] "GET /.env HTTP/1.1" 404 196 "-" port=53914 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" "-" "-" "sip.<host>" 300 41.143.203.18 [14/Jun/2026:14:25:37 -0700] "GET /.env HTTP/1.1" 404 196 "-" port=53930 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" "-" "-" "img.<host>" 349 41.143.203.18 [14/Jun/2026:14:25:37 -0700] "GET /.env HTTP/1.1" 404 22 "-" port=53946 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" "-" "-" "www.<host>" 5721 41.143.203.18 [14/Jun/2026:14:25:37 -0700] "GET /.env HTTP/1.1" 404 22 "-" port=53958 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" "-" "-" "<host>" 4861 41.143.203.18 [14/Jun/2026:14:25:38 -0700] "GET /.env HTTP/1.1" 404 2673 "-" port=54024 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" "-" "-" "www.<host>" 941 41.143.203.18 [14/Jun/2026:14:25:38 -0700] "GET show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 20:48:36 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 16:48:33.133692 2026] [security2:error] [pid 11224:tid 11224] [client 41.143.203.18:36134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tiln.org"] [uri "/.env"] [unique_id "ai8ToTKXecpPCWUMq07ncAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-14 20:36:08 (5 hours ago)	dot file probe	Web App Attack
Anonymous	2026-06-14 20:12:05 (5 hours ago)	Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1	Hacking Web App Attack
🇦🇺 Anytech	2026-06-14 20:08:34 (5 hours ago)	Blocked by Conn-Monitor: Web scanning activity	Hacking Web App Attack
🇦🇺 2000cn.com.au	2026-06-14 19:55:40 (6 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 Major Hostility	2026-06-14 19:55:20 (6 hours ago)	"GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 19:32:57 (6 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 15:32:50.452294 2026] [security2:error] [pid 14176:tid 14176] [client 41.143.203.18:52532] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bjfrancislaw.com"] [uri "/.env"] [unique_id "ai8B4nntns3Vl94i4RzJmgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 18:33:05 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:33:00.617979 2026] [security2:error] [pid 17896:tid 17896] [client 41.143.203.18:56962] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.andiamocg.andiamocomputers.com"] [uri "/.env"] [unique_id "ai7z3H8oU_8brOP_PKQe3gAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 17:10:35 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 41.143.203.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 13:10:30.561144 2026] [security2:error] [pid 24340:tid 24340] [client 41.143.203.18:6539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tipdavid.com"] [uri "/.env"] [unique_id "ai7ghrYqBDaixxOmx2DwxgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇺 217.70.186.133

🇬🇧 213.166.84.41

🇦🇷 201.190.251.90

🇧🇴 181.188.148.74

🇫🇮 178.20.210.208

🇦🇷 131.161.184.46

🇮🇳 128.185.253.98

🇭🇰 125.59.252.103

🇮🇳 125.19.195.66

🇦🇺 119.18.2.75

🇷🇴 92.118.39.62

🇳🇱 91.92.40.7

🇱🇹 77.90.185.62

🇬🇧 34.142.44.220

🇺🇸 205.210.31.58

🇵🇰 202.47.52.108

🇳🇱 178.16.54.237

🇦🇺 170.64.191.123

🇩🇪 167.99.246.155

🇮🇩 163.227.52.50