TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 06:07:26.002728 2024] [security2:error] [pid 26997:tid 26997] [client 15.237.189.84:63587] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.teamwakimphotography.com"] [uri "/sftp-config.json"] [unique_id "Zt13XvJAqoySJYMZxtM5bgAAAAk"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 05:06:34.032656 2024] [security2:error] [pid 3810945:tid 3810945] [client 15.237.189.84:64922] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.naturephotographyadventures.com"] [uri "/biodiane.htm/sftp-config.json"] [unique_id "Zt1pGh_wzzcVfnYYdP5I-QAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Domain : teresavazquez.pt
Rule : config
2024-09-08 08:31:22 38.242.219.191 GET /.vscode/sftp.json - 443 - 15.237.189.84 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 - teresavazquez.pt 404 0 2 1458 224 53 - -
|
Hacking
SQL Injection
|
|
theEngineer
|
|
[08:31:20] 0*: Scanning for exploits.
|
Web App Attack
|
|
kumiko
|
|
[2024-09-08 07:09:27] Probing for dotfiles
"GET /.vscode/sftp.json HTTP/1.1" 301
|
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 02:41:54.289724 2024] [security2:error] [pid 30762:tid 30762] [client 15.237.189.84:63871] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.macryder.com"] [uri "/sftp-config.json"] [unique_id "Zt1HMqONclgXk68mW8aINAAAAAg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 02:15:45.477167 2024] [security2:error] [pid 1369875:tid 1369891] [client 15.237.189.84:61011] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jean-paullederer.com"] [uri "/sftp-config.json"] [unique_id "Zt1BEe09MGKohYMsCZc6rQAAAMg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Infostealer, stealing credentials: /sftp-config.json
|
Hacking
|
|
mnsf
|
|
Too many Status 40X (11)
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 01:58:02.543292 2024] [security2:error] [pid 12550:tid 12550] [client 15.237.189.84:64361] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "solidthought.com"] [uri "/sftp-config.json"] [unique_id "Zt086olHOZKpA3Jz6aJWMAAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 01:42:42.131431 2024] [security2:error] [pid 7890:tid 7890] [client 15.237.189.84:63783] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eagleoaks.net"] [uri "/sftp-config.json"] [unique_id "Zt05UiuvVQHVc8_YFhhFjgAAAAc"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Malicious activity detected
|
Hacking
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 15.237.189.84 (ec2-15-237-189-84.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 01:23:52.056462 2024] [security2:error] [pid 25069:tid 25069] [client 15.237.189.84:54964] [client 15.237.189.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lollytalk.com"] [uri "/sftp-config.json"] [unique_id "Zt006DWT-m5aWg65-fgjGwAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
cmbplf
|
|
941 requests to */sftp-config.json
|
Brute-Force
Bad Web Bot
|
|
Hydra-Shield.fr
|
|
Directory Traversal on: /.vscode/sftp.json
|
Web App Attack
|
|