Anonymous
2025-03-20 09:50:03
(1 year ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
Burayot
2025-03-18 16:25:11
(1 year ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 136.243.154.120 (DE/Germany/secure22 ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 136.243.154.120 (DE/Germany/secure223.siteserverconfig.com): 2 in the last 3600 secs
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-03-18 14:51:47
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 18 10:51:40.764703 2025] [security2:error] [pid 29636:tid 29636] [client 136.243.154.120:53136] [client 136.243.154.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kathynash.nashes.net"] [uri "/.env"] [unique_id "Z9mIfEa0j2Kww1TdH4SC7wAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-03-18 14:17:53
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 18 10:17:48.030983 2025] [security2:error] [pid 2366:tid 2366] [client 136.243.154.120:59136] [client 136.243.154.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "geriart.net"] [uri "/.env"] [unique_id "Z9mAjDlQOjQL7ySnoKRv_wAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-03-18 04:24:13
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-03-18 04:08:21
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
Anonymous
2025-03-17 23:43:16
(1 year ago)
Aggressive web scan
Web App Attack
๐ณ๐ด
tmiland
2025-03-17 20:38:06
(1 year ago)
(nginx_404) Dot directory Honeypot Trap 136.243.154.120 (DE/Germany/secure223.siteserverconfig.com): ...
show more
(nginx_404) Dot directory Honeypot Trap 136.243.154.120 (DE/Germany/secure223.siteserverconfig.com): 2 in the last 3600 secs
show less
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-03-17 18:12:39
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 17 14:12:34.845204 2025] [security2:error] [pid 32310:tid 32320] [client 136.243.154.120:60542] [client 136.243.154.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "strengthlink.pwrcoupling.com"] [uri "/.env"] [unique_id "Z9hmEjgCgmxnYAT_5OigJAAAAEg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-03-17 17:05:03
(1 year ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐บ๐ธ
TPI-Abuse
2025-03-17 15:42:07
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 17 11:41:59.492496 2025] [security2:error] [pid 13641:tid 13641] [client 136.243.154.120:56086] [client 136.243.154.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sequences.alexthepunk.com"] [uri "/.env"] [unique_id "Z9hCx9xzup4Tplo5XjuPzQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-03-17 14:11:52
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 17 10:11:47.113859 2025] [security2:error] [pid 22018:tid 22018] [client 136.243.154.120:55242] [client 136.243.154.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rmhpolarracing.com"] [uri "/.env"] [unique_id "Z9gto7afBiRXTHqtcjwD4gAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
nextweb
2025-03-17 11:36:03
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (DE/Germany/Saxony/Falkenstein/ ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (DE/Germany/Saxony/Falkenstein/secure223.siteserverconfig.com/[AS24940 Hetzner Online GmbH]): 5 in the last 3600 secs (CF_ENABLE)
show less
Brute-Force
๐จ๐ฆ
polycoda
2025-03-17 11:22:45
(1 year ago)
โจ๏ธ Probes for /.env everywhere
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-03-17 10:57:16
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com ...
show more
(mod_security) mod_security (id:210492) triggered by 136.243.154.120 (secure223.siteserverconfig.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 17 06:57:11.704983 2025] [security2:error] [pid 6064:tid 6064] [client 136.243.154.120:45312] [client 136.243.154.120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pastorjohndunning.com"] [uri "/.env"] [unique_id "Z9gAB0aADL8aPYK3vb5YegAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack