๐บ๐ธ
TPI-Abuse
2026-07-01 11:48:49
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 07:48:43.546278 2026] [security2:error] [pid 4197:tid 4197] [client 54.175.142.148:32968] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thecharlesmadu.com"] [uri "/.env.production"] [unique_id "akT-mx0KvmhtFyaN9If4uAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
Burayot
2026-07-01 08:27:03
(7 hours ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 54.175.142.148 (US/United States/ec2 ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 54.175.142.148 (US/United States/ec2-54-175-142-148.compute-1.amazonaws.com): 2 in the last 3600 secs
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 03:03:45
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:03:38.757298 2026] [security2:error] [pid 12598:tid 12598] [client 54.175.142.148:59492] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.uheep2.spaceritual.net"] [uri "/.env.tmp"] [unique_id "akSDivqLllkfpsYakP9X6gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
todix
2026-07-01 03:03:32
(13 hours ago)
Web App Attack Exploid from 54.175.142.148
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-30 22:55:59
(17 hours ago)
Excessive multi-domain requests
Brute-Force
Anonymous
2026-06-30 22:46:06
(17 hours ago)
Bot / scanning and/or hacking attempts: GET /.env.bak HTTP/1.1, GET /.env.staging HTTP/1.1, GET /.en ...
show more
Bot / scanning and/or hacking attempts: GET /.env.bak HTTP/1.1, GET /.env.staging HTTP/1.1, GET /.env.old HTTP/1.1, GET /.env~ HTTP/1.1, GET /.env.test HTTP/1.1, GET /.env.example HTTP/1.1, GET /.env.save HTTP/1.1, GET /.env.tmp HTTP/1.1, GET /.env.swp HTTP/1.1, GET /.env.sample HTTP/1.1
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 21:21:28
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 17:21:25.178582 2026] [security2:error] [pid 20351:tid 20351] [client 54.175.142.148:49552] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "desertedge.band"] [uri "/.env.tmp"] [unique_id "akQzVdlmHa6Z2PfpbmAr3wAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 21:10:32
(18 hours ago)
54.175.142.148 - - [30/Jun/2026:16:09:05 -0500] "GET /.env.local HTTP/1.1" 301 257 "-" "Mozilla/5.0 ...
show more
54.175.142.148 - - [30/Jun/2026:16:09:05 -0500] "GET /.env.local HTTP/1.1" 301 257 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" 162.158.152.160
54.175.142.148 - - [30/Jun/2026:16:09:05 -0500] "GET /.env.production HTTP/1.1" 301 262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" 162.158.152.160
54.175.142.148 - - [30/Jun/2026:16:09:05 -0500] "GET /.env.development HTTP/1.1" 301 263 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" 162.158.152.160
54.175.142.148 - - [30/Jun/2026:16:09:05 -0500] "GET /.env.dev HTTP/1.1" 301 255 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" 162.158.152.160
54.175.142.148 - - [30/Jun/2026:16:09:05 -0500] "GET /.env.prod HTT
...
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 21:03:29
(19 hours ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 19:19:32
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 15:19:25.569449 2026] [security2:error] [pid 3717:tid 3717] [client 54.175.142.148:43376] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "smsindustries.com"] [uri "/.env.local"] [unique_id "akQWvXjQ87qkk8FTrB3EcAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-06-30 18:52:08
(21 hours ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 17:53:36
(22 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 13:53:30.711943 2026] [security2:error] [pid 9971:tid 9971] [client 54.175.142.148:55608] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mightyhoop.com"] [uri "/.env.dev"] [unique_id "akQCmk7YNX4Vm7U-uxh3RgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 16:46:02
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 12:45:55.280237 2026] [security2:error] [pid 31831:tid 31831] [client 54.175.142.148:58878] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "encoremtmorris.com"] [uri "/.env.save"] [unique_id "akPyw1wCT8Q-wLAC5yxjdwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 14:38:28
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.am ...
show more
(mod_security) mod_security (id:210492) triggered by 54.175.142.148 (ec2-54-175-142-148.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 10:38:24.765524 2026] [security2:error] [pid 25605:tid 25620] [client 54.175.142.148:58756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "9line-lb.com"] [uri "/.env.dev"] [unique_id "akPU4CvM8CtsYROcDq6x1wAAAQ0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 14:34:59
(1 day ago)
Aggressive web scan
Web App Attack