Anonymous
2024-11-15 03:30:16
(2 months ago)
fail2ban_mm apache-modsecurity [msg "Host header is a numeric IP address"] [uri "/.env"]
Web App Attack
ANTI SCANNER
2024-11-15 03:25:49
(2 months ago)
Scanner : /.env
Web Spam
TPI-Abuse
2024-11-15 03:13:36
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 22:13:32.873674 2024] [security2:error] [pid 10579:tid 10579] [client 165.227.62.131:35716] [client 165.227.62.131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.61"] [uri "/.env"] [unique_id "Zza8XH-Gm8VoipBIpN4RsgAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
diego
2024-11-15 03:10:45
(2 months ago)
Events: TCP SYN Discovery or Flooding, Seen 23 times in the last 10800 seconds
DDoS Attack
Study Bitcoin 🤗
2024-11-15 03:02:24
(2 months ago)
Port probe to tcp/443 (https)
[srv124]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-15 02:56:29
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 21:56:25.820284 2024] [security2:error] [pid 6075:tid 6075] [client 165.227.62.131:38318] [client 165.227.62.131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.40"] [uri "/.env"] [unique_id "Zza4WUQKhMszFUMQBxmEsAAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-15 02:40:19
(2 months ago)
Port probe to tcp/443 (https)
[srv124]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-11-15 02:36:56
(2 months ago)
15/Nov/2024:03:36:55.890049 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ... show more 15/Nov/2024:03:36:55.890049 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 165.227.62.131] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "91.126.30.243"] [uri "/.env"] [unique_id "Zzazx01jgHyyEvxWtSRVwQAABC8"]
... show less
Hacking
Web App Attack
lumbermatt_de
2024-11-15 02:31:23
(2 months ago)
Vulnerability exploit attack detected
Web App Attack
TPI-Abuse
2024-11-15 02:16:13
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 21:16:09.192139 2024] [security2:error] [pid 8632:tid 8632] [client 165.227.62.131:54688] [client 165.227.62.131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.239"] [uri "/.env"] [unique_id "Zzau6dZoPteSnH3Qt37D2wAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
diego
2024-11-15 02:08:51
(2 months ago)
Events: TCP SYN Discovery or Flooding, Seen 8 times in the last 10800 seconds
DDoS Attack
Study Bitcoin 🤗
2024-11-15 02:06:30
(2 months ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-15 01:58:32
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 165.227.62.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 20:58:27.636107 2024] [security2:error] [pid 19342:tid 19342] [client 165.227.62.131:40278] [client 165.227.62.131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.12"] [uri "/.env"] [unique_id "Zzaqw_xgQbjJJ5zmAOTrNgAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
webbfabriken
2024-11-15 01:53:40
(2 months ago)
spam or other hacking activities reported by webbfabriken security servers
Attack reported by ... show more spam or other hacking activities reported by webbfabriken security servers
Attack reported by Webbfabriken Security API - WFSecAPI show less
Web Spam
smopdidi
2024-11-15 01:13:34
(2 months ago)
Ports: 443; 4 attempts
Port Scan