Holger
|
|
URL probing: GET /.env
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 159.203.42.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 10:55:18.191683 2024] [security2:error] [pid 14862:tid 14862] [client 159.203.42.29:47036] [client 159.203.42.29] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.190"] [uri "/.env"] [unique_id "Zw6CVtNPAa_wUDcPvNFV4AAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
on-com
|
|
URL scan
|
Brute-Force
Web App Attack
|
|
MPL
|
|
tcp/443 (4 or more attempts)
|
Port Scan
|
|
Anonymous
|
|
RdpGuard detected brute-force attempt on HTTP
|
Brute-Force
|
|
MPL
|
|
tcp/443 (6 or more attempts)
|
Port Scan
|
|
lnklnx
|
|
www.lnklnx.com:443 159.203.42.29 - - [15/Oct/2024:09:33:52 -0500] "GET /.env HTTP/1.1" 403 3443 "-" "Mozilla/5.0 Keydrop"
|
Web App Attack
|
|
Anonymous
|
|
Fail2Ban triggered
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 159.203.42.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 10:07:45.213055 2024] [security2:error] [pid 9574:tid 9574] [client 159.203.42.29:46192] [client 159.203.42.29] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.6"] [uri "/.env"] [unique_id "Zw53Ma1uMHTef54t4Epv9gAAABQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 159.203.42.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 09:38:45.293534 2024] [security2:error] [pid 23765:tid 23765] [client 159.203.42.29:51282] [client 159.203.42.29] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.161"] [uri "/.env"] [unique_id "Zw5wZQRrhDrPYZwYOfxU1AAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Mr-Money
|
|
159.203.42.29 - - [15/Oct/2024:15:36:49 +0200] "GET /.env HTTP/1.1" 404 3273 "-" "Mozilla/5.0 Keydrop"
|
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
|
|
Anonymous
|
|
"Access from malicious IP address,Illegal host name"
|
Brute-Force
|
|
polido
|
|
Unauthorized connection attempt to port 4160 from https://ip.polido.pt/159.203.42.29
|
Port Scan
|
|
polido
|
|
Unauthorized connection attempt to port 4161 from https://ip.polido.pt/159.203.42.29
|
Port Scan
|
|
polido
|
|
Unauthorized connection attempt to port 4161 from https://ip.polido.pt/159.203.42.29
|
Port Scan
|
|