๐บ๐ธ
TPI-Abuse
2026-07-07 19:16:29
(33 minutes ago)
(mod_security) mod_security (id:210492) triggered by 94.154.43.178 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 94.154.43.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 15:16:25.184681 2026] [security2:error] [pid 24151:tid 24151] [client 94.154.43.178:39848] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeanlouisdarville.com"] [uri "/.env"] [unique_id "ak1QiQnMlFor--Kem_vLWwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Bedios GmbH
2026-07-07 19:05:45
(44 minutes ago)
Login credentials theft attempt
Hacking
๐ณ๐ฑ
enpepet
2026-07-07 18:55:46
(54 minutes ago)
GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHT ...
show more
GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 URL:/.env
show less
Port Scan
Hacking
Brute-Force
Bad Web Bot
๐ฌ๐ง
myintarweb
2026-07-07 18:29:16
(1 hour ago)
94.154.43.178 - mail.myintarweb.co.uk [07/Jul/2026:19:29:15 +0100] 443 "GET /.env HTTP/1.1" 301 6941 ...
show more
94.154.43.178 - mail.myintarweb.co.uk [07/Jul/2026:19:29:15 +0100] 443 "GET /.env HTTP/1.1" 301 6941 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
...
show less
Hacking
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-07 18:29:05
(1 hour ago)
94.154.43.178 - - [07/Jul/2026:21:29:05 +0300] "GET /.env HTTP/1.1" 404 4694 "-" "Mozilla/5.0 (Windo ...
show more
94.154.43.178 - - [07/Jul/2026:21:29:05 +0300] "GET /.env HTTP/1.1" 404 4694 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ฎ๐น
[email protected]
2026-07-07 18:22:37
(1 hour ago)
94.154.43.178 - - [07/Jul/2026:15:47:21 +0200] "GET /.env HTTP/1.1" 404 3935 "-" "Mozilla/5.0 (Windo ...
show more
94.154.43.178 - - [07/Jul/2026:15:47:21 +0200] "GET /.env HTTP/1.1" 404 3935 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"
show less
Web App Attack
Hacking
๐ฉ๐ช
FeG Deutschland
2026-07-07 18:15:05
(1 hour ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
๐ฉ๐ช
MusicLibrary
2026-07-07 17:44:04
(2 hours ago)
Attempted access to sensitive configuration files (.env, .git, etc.)
Bad Web Bot
Web App Attack
Anonymous
2026-07-07 16:31:55
(3 hours ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐บ๐ธ
aks4226
2026-07-07 16:30:18
(3 hours ago)
Attacking common web applications. (n01)
Web App Attack
๐บ๐ธ
oralunal
2026-07-07 16:29:09
(3 hours ago)
IP banned by Fail2Ban in jail suss access.log ah-app-1
...
Bad Web Bot
Web App Attack
๐บ๐ธ
itsnixk
2026-07-07 16:17:18
(3 hours ago)
(mod_security) mod_security (id:930130) triggered by 94.154.43.178 (TR/Turkey/-): 1 in the last 3600 ...
show more
(mod_security) mod_security (id:930130) triggered by 94.154.43.178 (TR/Turkey/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jul 07 12:17:14.793239 2026] [security2:error] [pid 1451313:tid 1451407] [client 94.154.43.178:25288] ModSecurity: Access denied with code 406 (phase 1). Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "150"] [id "930130"] [msg "Restricted File Access Attempt"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/.env"] [unique_id "ak0mikOaMyNVCZa_E_sD-wAAAEs"]
show less
Port Scan
๐ณ๐ฑ
thedreamer.nl
2026-07-07 16:16:08
(3 hours ago)
94.154.43.178 - - [07/Jul/2026:18:15:53 +0200] "GET /.env HTTP/1.1" 502 552 "-" "Mozilla/5.0 (Window ...
show more
94.154.43.178 - - [07/Jul/2026:18:15:53 +0200] "GET /.env HTTP/1.1" 502 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" "NL" "Amsterdam" "52.37160" "4.88830"
94.154.43.178 - - [07/Jul/2026:18:15:52 +0200] "GET /.env HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" "NL" "Amsterdam" "52.37160" "4.88830"
94.154.43.178 - - [07/Jul/2026:18:15:52 +0200] "GET /.env HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" "NL" "Amsterdam" "52.37160" "4.88830"
94.154.43.178 - - [07/Jul/2026:18:15:53 +0200] "GET /.env HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" "NL" "Amsterdam" "52.37160" "4.88830"
...
show less
Hacking
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
its101
2026-07-07 15:50:05
(3 hours ago)
Automated detection by LockdownAccess security system. Attack type(s): env_grab. Reason: Nginx: env_ ...
show more
Automated detection by LockdownAccess security system. Attack type(s): env_grab. Reason: Nginx: env_grab attack. Path targeted: unknown. Blocked in Cloudflare.
show less
Web App Attack
๐บ๐ธ
JustMeHere
2026-07-07 15:25:50
(4 hours ago)
[Tue Jul 07 11:25:44.350574 2026] [security2:error] [pid 23696:tid 23810] [client 94.154.43.178:5219 ...
show more
[Tue Jul 07 11:25:44.350574 2026] [security2:error] [pid 23696:tid 23810] [client 94.154.43.178:52198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "forum.yorknation.com"] [uri "/.env"] [unique_id "ak0aeDJfXcorWXCQcs2YYwAAAE4"]
...
show less
Web App Attack