TPI-Abuse
2024-12-01 05:16:31
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 13.49.246.2 (ec2-13-49-246-2.eu-north-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 00:16:24.167117 2024] [security2:error] [pid 12297:tid 12297] [client 13.49.246.2:35954] [client 13.49.246.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.hamiltonbookings.com"] [uri "/.env"] [unique_id "Z0vxKHkLXaSiztjQcjOhcwAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
ecodehost.com
2024-12-01 05:09:03
(6 days ago)
Domain : MailEnable WebMail
Rule : env
2024-12-01 05:08:18 10.100.1.20 GET /.env - 443 - 13.49.246.2 Mozilla/5.0 (X11; Linux x86_64) - 404 0 2 74 - -
Hacking
SQL Injection
Bedios GmbH
2024-12-01 04:44:57
(6 days ago)
Login credentials theft attempt
Hacking
TPI-Abuse
2024-12-01 04:36:19
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 13.49.246.2 (ec2-13-49-246-2.eu-north-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 23:36:14.190384 2024] [security2:error] [pid 18427:tid 18427] [client 13.49.246.2:54320] [client 13.49.246.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.karenjoyce.com"] [uri "/.env"] [unique_id "Z0vnvvC1eu_DDMvr5LNXNAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Jim Keir
2024-12-01 04:01:28
(6 days ago)
2024-12-01 04:01:28 13.49.246.2 File scanning, blocking 13.49.246.2 for 5 minutes
Web App Attack
PaulSep
2024-12-01 04:00:58
(6 days ago)
2024-12-01T05:00:57+01:00 [redacted] [Sun Dec 01 05:00:57.558162 2024] [core:info] [pid 29068:tid 139928927188672] [client 13.49.246.2:33506] AH00128: File does not exist: /var/services/web/.env
Hacking
TPI-Abuse
2024-12-01 02:22:40
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 13.49.246.2 (ec2-13-49-246-2.eu-north-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 21:22:37.114955 2024] [security2:error] [pid 31704:tid 31704] [client 13.49.246.2:47862] [client 13.49.246.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.pioneercanadian.com"] [uri "/.env"] [unique_id "Z0vIbV8VcSVwLNVFhOLcdgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 02:02:08
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 13.49.246.2 (ec2-13-49-246-2.eu-north-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 21:02:03.844833 2024] [security2:error] [pid 3452719:tid 3452719] [client 13.49.246.2:48134] [client 13.49.246.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.perryoclock.com"] [uri "/.env"] [unique_id "Z0vDm-91IwkPWSthv13qtAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-30 23:59:08
(6 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-30 23:34:33
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 13.49.246.2 (ec2-13-49-246-2.eu-north-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 18:34:28.320114 2024] [security2:error] [pid 7333:tid 7333] [client 13.49.246.2:37460] [client 13.49.246.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.telesto.pe"] [uri "/.env"] [unique_id "Z0uhBKD6XbLq7fA4WMtGbQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack