sdos.es
2023-12-28 19:32:14
(11 months ago)
"Restricted File Access Attempt - Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"
Web App Attack
Mediashaker
2023-12-28 13:23:46
(11 months ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 173.239.211.199 (US/United States/suitepmta020137.emarsys.us)
Port Scan
All2gether
2023-12-28 10:41:58
(11 months ago)
Web App Attack
Anonymous
2023-12-28 05:11:43
(11 months ago)
server 1
Web App Attack
Anonymous
2023-12-26 00:28:42
(11 months ago)
Data exfiltration attempt: /development
Hacking
Anonymous
2023-12-25 11:01:38
(11 months ago)
Common attack or app scan event detected and blocked
Port Scan
Hacking
Web App Attack
mawan
2023-12-21 00:42:45
(11 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Security_Whaller
2023-12-18 10:35:16
(11 months ago)
Malicious activity detected on Honeypot.
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2023-12-18 00:24:14
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 19:24:03.836075 2023] [security2:error] [pid 25826] [client 173.239.211.199:51413] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.89"] [uri "/private/.env"] [unique_id "ZX-RI5vOlbE4NG6cTANU0wAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-17 23:56:11
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 18:56:05.413942 2023] [security2:error] [pid 11134] [client 173.239.211.199:29247] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.64"] [uri "/private/.env"] [unique_id "ZX-KlRSKxJbqTbWLKDIHFwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-17 21:18:17
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 16:18:11.698781 2023] [security2:error] [pid 10751] [client 173.239.211.199:3083] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.207"] [uri "/docker/.env"] [unique_id "ZX9lk7ZoH7Xgcy3aTFPWQwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-17 16:20:53
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 11:20:49.290374 2023] [security2:error] [pid 20835] [client 173.239.211.199:61345] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.104"] [uri "/script/.env"] [unique_id "ZX8f4ceB9LRAb86gKOEpwgAAAB8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-17 00:56:02
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 19:55:55.025726 2023] [security2:error] [pid 1268] [client 173.239.211.199:64635] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fundingworkingcapital.com"] [uri "/.env"] [unique_id "ZX5HGyNuaF9XShtjltCDXQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-16 23:08:10
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 18:08:03.765226 2023] [security2:error] [pid 7267] [client 173.239.211.199:28279] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bb103.us"] [uri "/.env"] [unique_id "ZX4t0zktoVAmnW-QYUOItgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-16 21:32:06
(11 months ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.199 (suitepmta020137.emarsys.us): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 16:32:00.871702 2023] [security2:error] [pid 1104:tid 47853948180224] [client 173.239.211.199:22651] [client 173.239.211.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "freshviewevents.com"] [uri "/.env"] [unique_id "ZX4XUGlBk7HZ0SN7XK7yQQAAAEo"]
Brute-Force
Bad Web Bot
Web App Attack