Anonymous
2026-06-30 17:31:32
(1 hour ago)
(caddyscan) Scanner path probe from 46.243.3.58 (NL/The Netherlands/vm121995.andreich73.serv-dns.ru) ...
show more
(caddyscan) Scanner path probe from 46.243.3.58 (NL/The Netherlands/vm121995.andreich73.serv-dns.ru): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:17:31:27 +0000] "GET /actuator/env HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:17:31:27 +0000] "GET /actuator/configprops HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:17:31:28 +0000] "GET /backup/.env HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:17:31:28 +0000] "GET /backups/.env HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:17:31:28 +0000] "GET /old/.env HTTP/1.1"
show less
Port Scan
Anonymous
2026-06-30 17:23:50
(1 hour ago)
Blocked by ModSec and CSF
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-30 16:42:27
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): ...
show more
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 12:42:21.581969 2026] [security2:error] [pid 22014:tid 22014] [client 46.243.3.58:47538] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "virgen.click"] [uri "/.env"] [unique_id "akPx7R5frZ8u_OvfudSpyQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 15:16:16
(3 hours ago)
(mod_security) mod_security (id:949110) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): ...
show more
(mod_security) mod_security (id:949110) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:16:13.724296 2026] [security2:error] [pid 1551:tid 1551] [client 46.243.3.58:39968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ugandaconnection.com"] [uri "/.env.production"] [unique_id "akPdvQrgEbTrOXjhSAyjOwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
Burayot
2026-06-30 15:11:50
(4 hours ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 46.243.3.58 (vm121995.andreich73.ser ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): 2 in the last 3600 secs
show less
Web App Attack
Anonymous
2026-06-30 13:50:58
(5 hours ago)
(caddyscan) Scanner path probe from 46.243.3.58 (NL/The Netherlands/vm121995.andreich73.serv-dns.ru) ...
show more
(caddyscan) Scanner path probe from 46.243.3.58 (NL/The Netherlands/vm121995.andreich73.serv-dns.ru): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:13:50:51 +0000] "GET /home/ubuntu/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:13:50:51 +0000] "GET /home/ec2-user/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:13:50:51 +0000] "GET /home/node/.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:13:50:53 +0000] "GET /.env.vault HTTP/1.1"
[REDACTED] 200 2627 46.243.3.58 - - [30/Jun/2026:13:50:53 +0000] "GET /.aws/credentials HTTP/1.1"
show less
Port Scan
๐ณ๐ฑ
e.fierstra
2026-06-30 13:46:27
(5 hours ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
๐ฆ๐บ
AWW-Admin
2026-06-30 12:35:21
(6 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 46.243.3.58 (vm121995.andreich73.serv-d ...
show more
(mod_security) mod_security triggered on hostname [redacted] 46.243.3.58 (vm121995.andreich73.serv-dns.ru)
show less
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-06-30 12:10:20
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): ...
show more
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:10:12.284961 2026] [security2:error] [pid 14922:tid 14922] [client 46.243.3.58:43328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.drillworkscr.com"] [uri "/.env.dist"] [unique_id "akOyJLPIg4DlzfvYRx-R5QAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 10:28:29
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): ...
show more
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:28:24.739505 2026] [security2:error] [pid 991:tid 991] [client 46.243.3.58:38874] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.justjunglejuice.org"] [uri "/.env.example"] [unique_id "akOaSJtlmYu-rpuKmfgriwAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-30 09:00:32
(10 hours ago)
Excessive multi-domain requests
Brute-Force
๐ฌ๐ง
consul.to
2026-06-30 08:47:09
(10 hours ago)
Web attack/malicious scanning detected
Web App Attack
๐ฉ๐ช
MBombeck
2026-06-30 08:34:31
(10 hours ago)
Fail2Ban/traefik-botsearch on apps-01: banned after 5 failures
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 08:06:56
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): ...
show more
(mod_security) mod_security (id:210492) triggered by 46.243.3.58 (vm121995.andreich73.serv-dns.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 04:06:50.889395 2026] [security2:error] [pid 3960:tid 3960] [client 46.243.3.58:38846] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.app.fourminutedecision.com"] [uri "/.env"] [unique_id "akN5Gtw3lZbEbFpQoBX7GgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-30 08:03:05
(11 hours ago)
(modsecurity) srv201 ModSecurity 46.243.3.58 (NL/The Netherlands/vm121995.andreich73.serv-dns.ru): 1 ...
show more
(modsecurity) srv201 ModSecurity 46.243.3.58 (NL/The Netherlands/vm121995.andreich73.serv-dns.ru): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack