rshict
2024-11-18 10:20:27
(3 weeks ago)
Hacking, Brute-Force, Web App Attack
Hacking
Brute-Force
Web App Attack
chronos
2024-11-13 23:38:49
(3 weeks ago)
[AUTORAVALT][[13/11/2024 - 20:38:49 -03:00 UTC]
Attack from [DigitalOcean, LLC]
[134.209.121.160] Action: BLocKed
Hacking... Unauthorized attempts to access the server.
Web App Attack -> Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software pl]
Hacking
Web App Attack
TPI-Abuse
2024-11-13 12:41:08
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 134.209.121.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 07:41:03.218807 2024] [security2:error] [pid 1084:tid 1084] [client 134.209.121.160:43358] [client 134.209.121.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.13"] [uri "/.env"] [unique_id "ZzSeXxBgjS3qzOw-bQe38QAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
sdos.es
2024-11-13 12:37:44
(3 weeks ago)
"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"
Web App Attack
Anonymous
2024-11-13 12:23:53
(3 weeks ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/.env"]
Web App Attack
TPI-Abuse
2024-11-13 12:16:37
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 134.209.121.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 07:16:34.676170 2024] [security2:error] [pid 28604:tid 28604] [client 134.209.121.160:58414] [client 134.209.121.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.146"] [uri "/.env"] [unique_id "ZzSYoj1OFihnILgHiUVDzwAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-13 12:15:34
(3 weeks ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET / HTTP/1.0
Hacking
Web App Attack
chronos
2024-11-13 11:55:55
(3 weeks ago)
[AUTORAVALT][[13/11/2024 - 08:55:54 -03:00 UTC]
Attack from [DigitalOcean, LLC]
[134.209.121.160] Action: BLocKed
Hacking... Unauthorized attempts to access the server.
Web App Attack -> Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software pl]
Hacking
Web App Attack
TPI-Abuse
2024-11-13 11:53:01
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 134.209.121.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 06:52:54.867412 2024] [security2:error] [pid 2713238:tid 2713238] [client 134.209.121.160:46814] [client 134.209.121.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.145"] [uri "/.env"] [unique_id "ZzSTFmRp3nfJUmazZhlADQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
GAS
2024-11-13 11:43:33
(3 weeks ago)
134.209.121.160 - - [13/Nov/2024:12:43:31 +0100] "GET /.env HTTP/1.1" 404 4323 "-" "Mozilla/5.0 Keydrop"
134.209.121.160 - - [13/Nov/2024:12:43:31 +0100] "GET / HTTP/1.0" 400 729 "-" "-"
Port Scan
Mr-Money
2024-11-13 11:40:00
(3 weeks ago)
134.209.121.160 - - [13/Nov/2024:12:39:59 +0100] "GET /.env HTTP/1.1" 404 3837 "-" "Mozilla/5.0 Keydrop"
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
TPI-Abuse
2024-11-13 11:33:38
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 134.209.121.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 06:33:35.663910 2024] [security2:error] [pid 12653:tid 12653] [client 134.209.121.160:58864] [client 134.209.121.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.179"] [uri "/.env"] [unique_id "ZzSOj4hpVEoQVuh1ZoH70gAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-13 11:25:21
(3 weeks ago)
Detected abusive req: GET /.env User Agent: Mozilla/5.0 Keydrop. Reason: AID hint
Hacking
Bad Web Bot
RoboSOC
2024-11-13 11:15:49
(3 weeks ago)
SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found
Port Scan
TPI-Abuse
2024-11-13 11:06:37
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 134.209.121.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 06:06:33.873081 2024] [security2:error] [pid 25532:tid 25532] [client 134.209.121.160:36720] [client 134.209.121.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.69"] [uri "/.env"] [unique_id "ZzSIOYRrgCHgJoPRMxoMfgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack