openstrike.co.uk
2024-10-16 05:12:36
(2 weeks ago)
10 attacks on password grabbing URLs:
GET /.vscode/sftp.json HTTP/1.1
Hacking
gurnip
2024-10-15 15:19:37
(2 weeks ago)
Vulnerability probe of page /public/.env, not found on server.
Brute-Force
Web App Attack
bigscoots.com
2024-10-15 15:10:58
(2 weeks ago)
(PERMBLOCK) 128.199.246.46 (SG/Singapore/premi.vpnjantit.com) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: 1; Trigger: LF_PERMBLOCK_COUNT; Logs:
Brute-Force
SSH
TPI-Abuse
2024-10-15 14:54:47
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 128.199.246.46 (premi.vpnjantit.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 10:54:41.294783 2024] [security2:error] [pid 27151:tid 27160] [client 128.199.246.46:59004] [client 128.199.246.46] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "maryschalkdesign.com"] [uri "/public/.env"] [unique_id "Zw6CMYEdgGcS409lITzYdQAAAYM"]
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-10-15 13:54:52
(2 weeks ago)
20 attempts against mh_ha-misbehave-ban on ec102964
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 13:32:22
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 128.199.246.46 (premi.vpnjantit.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 09:32:17.019221 2024] [security2:error] [pid 16811:tid 16811] [client 128.199.246.46:54842] [client 128.199.246.46] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "midnightscribe.com"] [uri "/public/.env"] [unique_id "Zw5u4awvmA4kXyvunV_A3gAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 13:16:34
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 128.199.246.46 (premi.vpnjantit.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 09:16:26.971003 2024] [security2:error] [pid 7379:tid 7379] [client 128.199.246.46:55927] [client 128.199.246.46] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marionenv.com"] [uri "/public/.env"] [unique_id "Zw5rKlQT03kqWR-Q8QmKpgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Mediashaker
2024-10-15 13:07:47
(2 weeks ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 128.199.246.46 (SG/Singapore/premi.vpnjantit.com)
Port Scan
horsemedia
2024-10-15 13:00:31
(2 weeks ago)
undefined
Web App Attack
TPI-Abuse
2024-10-15 12:59:12
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 128.199.246.46 (premi.vpnjantit.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 08:59:05.839752 2024] [security2:error] [pid 20739:tid 20739] [client 128.199.246.46:63679] [client 128.199.246.46] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dymesich.com"] [uri "/public/.env"] [unique_id "Zw5nGSY0qoyNFUYgE6cpGAAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-10-15 12:56:31
(2 weeks ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2024-10-15 12:35:32
(2 weeks ago)
Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, GET /.env.dev HTTP/1.1
Hacking
Web App Attack
TPI-Abuse
2024-10-15 11:53:07
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 128.199.246.46 (premi.vpnjantit.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 07:53:03.668693 2024] [security2:error] [pid 19803:tid 19803] [client 128.199.246.46:49421] [client 128.199.246.46] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalweb123.com"] [uri "/public/.env"] [unique_id "Zw5XnxkTb44C9rqnMySn6gAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 11:33:48
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 128.199.246.46 (premi.vpnjantit.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 07:33:45.330122 2024] [security2:error] [pid 15488:tid 15488] [client 128.199.246.46:49274] [client 128.199.246.46] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glendaleheritage.org"] [uri "/public/.env"] [unique_id "Zw5TGVGkaUi3p5Ha9Mn66wAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-15 11:22:18
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH