rshict
2025-01-28 10:13:16
(1 week ago)
Hacking
Brute-Force
Web App Attack
hermawan
2025-01-15 14:37:12
(3 weeks ago)
[Wed Jan 15 07:26:11.694162 2025] [security2:error] [pid 200131:tid 137704201238208] [client 164.90.217.232:37724] ModSecurity: Access denied with code 403 (phase 1). Match of "pm staklim-jatim.bmkg.go.id staklim-malang.info matomo.staklim-malang.info" against "REQUEST_HEADERS:Host" required. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "195"] [id "440217"] [msg "Not Current Hostname"] [data "Matched Data: found within REQUEST_HEADERS:Host: 103.166.156.58 request_line = GET /.env HTTP/1.1"] [severity "NOTICE"] [hostname "matomo.staklim-malang.info"] [uri "/.env"] [unique_id "Z4cAoxJzsRUg0HFQlmnOZwAAAVw"] [matomo.staklim-malang.info] [matomo.staklim-malang.info] top=[200261] [yCF7uXuPlTk] [Z4cAoxJzsRUg0HFQlmnOZwAAAVw] keep_alive=[0] [2025-01-15 07:26:11.694165] [R:Z4cAoxJzsRUg0HFQlmnOZwAAAVw] UA:'Mozilla/5.0 Keydrop' Host:'103.166.156.58' ACCEPT:'*/*' Accept-Encoding:'gzip
Hacking
Web App Attack
Anonymous
2025-01-15 11:08:01
(3 weeks ago)
[14/Jan/2025:22:29:24 -0500] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 Keydrop\"
[14/Jan/2025:22:29:24 -0500] \"GET / HTTP/1.0\" Blank UA
Hacking
BSG Webmaster
2025-01-15 08:35:10
(3 weeks ago)
Port scanning (Port 443)
Port Scan
Hacking
Anonymous
2025-01-15 04:52:16
(3 weeks ago)
Reported from Nginx log analysis 6. Log: 164.90.217.232 - - [15/Jan/2025:xx:xx:xx 0100] "GET /.env HTTP/1.1" xxx xxx "-" "Mozilla/5.0 Keydrop" "-" "DE Germany Frankfurt am Main" "AS14061" "DIGITALOCEAN-ASN"
Port Scan
Brute-Force
SSH
SecondEdge
2025-01-15 03:42:31
(3 weeks ago)
A web attack was detected from 164.90.217.232 (Germany / Hesse / Frankfurt am Main) against 52.215.230.232 (Git Variable Scan).
Web App Attack
kosada.com
2025-01-15 03:19:11
(3 weeks ago)
Web vulnerability probing
Web App Attack
TPI-Abuse
2025-01-15 03:04:52
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 164.90.217.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 22:04:48.622193 2025] [security2:error] [pid 24903:tid 24903] [client 164.90.217.232:46334] [client 164.90.217.232] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.206"] [uri "/.env"] [unique_id "Z4cl0OP7gFC2FwRuZVkpmgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
jk jk
2025-01-15 03:03:11
(3 weeks ago)
GoPot Honeypot 1
Hacking
Web App Attack
Anonymous
2025-01-15 03:03:01
(3 weeks ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET / HTTP/1.0
Hacking
Web App Attack
dpinse
2025-01-15 02:53:19
(3 weeks ago)
teler detected Directory Bruteforce against resource /.env from 164.90.217.232
Bad Web Bot
TPI-Abuse
2025-01-15 02:35:12
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 164.90.217.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 21:35:08.434820 2025] [security2:error] [pid 4196:tid 4196] [client 164.90.217.232:40100] [client 164.90.217.232] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.175"] [uri "/.env"] [unique_id "Z4ce3KJH2e5zvWJCucsVagAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-15 02:18:19
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 164.90.217.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 21:18:16.566752 2025] [security2:error] [pid 2518390:tid 2518390] [client 164.90.217.232:58966] [client 164.90.217.232] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.62"] [uri "/.env"] [unique_id "Z4ca6DjdoI7wYR8jjiplZwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
kumiko
2025-01-15 02:16:53
(3 weeks ago)
[2025-01-15 02:16:53] Probing for dotfiles
"GET /.env HTTP/1.1" 403
Bad Web Bot
Web App Attack
ifiguero
2025-01-15 02:09:57
(3 weeks ago)
Web Attack (\x00\x00\x00\x00\x00). 7d ban
Web App Attack