Anonymous
2024-12-01 05:15:49
(5 days ago)
Fuzzing/Looking for credentials files.
Brute-Force
Web App Attack
TPI-Abuse
2024-12-01 05:11:35
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 00:11:30.042967 2024] [security2:error] [pid 29827:tid 29827] [client 18.196.50.119:52708] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.torreja.nyc"] [uri "/.env"] [unique_id "Z0vwAgLO6OA5sO9hx4mpHAAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Bedios GmbH
2024-12-01 05:08:08
(5 days ago)
Login credentials theft attempt
Hacking
FeG Deutschland
2024-12-01 05:04:32
(5 days ago)
Looking for CMS/PHP/SQL vulnerablilities - 12345671011
Exploited Host
Web App Attack
TPI-Abuse
2024-12-01 04:39:26
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 23:39:19.822322 2024] [security2:error] [pid 3562117:tid 3562117] [client 18.196.50.119:53154] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.mandavaassoc.com"] [uri "/.env"] [unique_id "Z0vod6JpSJt4_FtOwnhqKwAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 03:56:31
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 22:56:23.739198 2024] [security2:error] [pid 21054:tid 21054] [client 18.196.50.119:33402] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.crescentcitycafe.org"] [uri "/.env"] [unique_id "Z0veZxzI2MCCgN3Wr7pTOQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 02:20:09
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 21:20:03.037700 2024] [security2:error] [pid 2666785:tid 2666785] [client 18.196.50.119:34610] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "geriterry.com"] [uri "/.env"] [unique_id "Z0vH0_rtYU49I-XgqZsDLwAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 02:03:13
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 21:03:06.154433 2024] [security2:error] [pid 1231:tid 1231] [client 18.196.50.119:43066] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "geointermodal.nodepot.com"] [uri "/.env"] [unique_id "Z0vD2h4x5Vd3XwYJU4PAdAAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 00:09:30
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 19:09:25.325699 2024] [security2:error] [pid 5331:tid 5331] [client 18.196.50.119:50898] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sydat.abramczuk.me"] [uri "/.env"] [unique_id "Z0upNYFzEvgJsspWl4xhCgAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-01 00:08:31
(5 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-30 23:52:01
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 18:51:56.569068 2024] [security2:error] [pid 806602:tid 806602] [client 18.196.50.119:46084] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hector.velasco.me"] [uri "/.env"] [unique_id "Z0ulHH47unQiFxPRG9IP1wAAABw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-30 23:36:18
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.c ... show more (mod_security) mod_security (id:210492) triggered by 18.196.50.119 (ec2-18-196-50-119.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 18:36:11.688577 2024] [security2:error] [pid 28811:tid 28811] [client 18.196.50.119:41800] [client 18.196.50.119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stsis.me"] [uri "/.env"] [unique_id "Z0uha61df5cH_jZmG5IMcwAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack