MAGIC
2024-11-14 10:00:59
(2 months ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-11-14 09:52:36
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.232.183.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 04:52:29.112755 2024] [security2:error] [pid 17462:tid 17462] [client 165.232.183.64:36730] [client 165.232.183.64] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.26"] [uri "/.env"] [unique_id "ZzXIXUF1dB1b4ZlpwNpJBgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
myintarweb
2024-11-14 09:31:33
(2 months ago)
165.232.183.64 - - [14/Nov/2024:09:31:32 +0000] 443 "GET /.env HTTP/1.1" 404 29078 "-" "Mozilla/5.0 Keydrop"
Hacking
Bad Web Bot
Web App Attack
Linux-Tech
2024-11-14 09:26:15
(2 months ago)
165.232.183.64 - - [14/Nov/2024:10:26:14 +0100] "GET /.env HTTP/1.1" 400 154 "-" "Mozilla/5.0 Keydrop"
165.232.183.64 - - [14/Nov/2024:10:26:14 +0100] "GET /.env HTTP/1.1" 400 248 "-" "Mozilla/5.0 Keydrop"
Port Scan
Bad Web Bot
Web App Attack
dinginess6354
2024-11-14 09:12:51
(2 months ago)
Unauthorized Access Attempt
Port Scan
Hacking
Web App Attack
TPI-Abuse
2024-11-14 09:11:47
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.232.183.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 04:11:40.849317 2024] [security2:error] [pid 3730878:tid 3730878] [client 165.232.183.64:42090] [client 165.232.183.64] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.218"] [uri "/.env"] [unique_id "ZzW-zBYx_iBQk-uuKiomtwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-14 09:11:30
(2 months ago)
fail2ban_mm apache-modsecurity [msg "Host header is a numeric IP address"] [uri "/.env"]
Web App Attack
ANTI SCANNER
2024-11-14 09:04:42
(2 months ago)
Scanner : /.env
Web Spam
TPI-Abuse
2024-11-14 08:46:19
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.232.183.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 03:46:11.343100 2024] [security2:error] [pid 12963:tid 12963] [client 165.232.183.64:33476] [client 165.232.183.64] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.61"] [uri "/.env"] [unique_id "ZzW4030LqO47KDfj6lDqqQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-14 08:28:17
(2 months ago)
Port probe to tcp/443 (https)
[srv124]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-14 08:21:05
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.232.183.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 03:20:59.799669 2024] [security2:error] [pid 2885:tid 2885] [client 165.232.183.64:44868] [client 165.232.183.64] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.40"] [uri "/.env"] [unique_id "ZzWy610YZ9KQ9A-pidReYQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-11-14 07:52:40
(2 months ago)
14/Nov/2024:08:52:40.384356 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 165.232.183.64] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "91.126.30.243"] [uri "/.env"] [unique_id "ZzWsSHCosnwmbIewrjfYJgAAAFM"]
Hacking
Web App Attack
TPI-Abuse
2024-11-14 07:40:22
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.232.183.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 02:40:16.844936 2024] [security2:error] [pid 15146:tid 15146] [client 165.232.183.64:41982] [client 165.232.183.64] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.138"] [uri "/.env"] [unique_id "ZzWpYLeiUtyR-HTyirM6_wAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
diego
2024-11-14 07:30:56
(2 months ago)
Events: TCP SYN Discovery or Flooding, Seen 8 times in the last 10800 seconds
DDoS Attack
Study Bitcoin 🤗
2024-11-14 07:26:34
(2 months ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack