bescared
2024-10-03 12:48:00
(1 month ago)
Malicious activity detected: URL probing.
Hacking
Bad Web Bot
Web App Attack
juguemosalacarioca.com
2024-10-03 12:45:29
(1 month ago)
Multiple HTTP calls attempting to GET resources using common API calls or formats on port 8080
Web App Attack
TPI-Abuse
2024-10-03 12:37:47
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 18.232.86.114 (ec2-18-232-86-114.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 08:37:40.283821 2024] [security2:error] [pid 5385:tid 5385] [client 18.232.86.114:54118] [client 18.232.86.114] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.clintess.biz"] [uri "/.git/config"] [unique_id "Zv6QFH8UJRZCNLvdFiZPoQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
theEngineer
2024-10-03 12:33:58
(1 month ago)
[13:33:57] 4*: Exploit attempt against non-existent file - /.git/config
Hacking
Web App Attack
McClay
2024-10-03 12:32:00
(1 month ago)
Illegal access attempt:18.232.86.114 - - [03/Oct/2024:14:31:59 +0200] "GET /.git/config HTTP/1.1" 404 3606 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1"
...
Hacking
Web App Attack
Anonymous
2024-10-03 12:30:01
(1 month ago)
File repository snooping, accessed by IP not domain:
18.232.86.114 - - [03/Oct/2024:13:19:22 +0100] "GET /.git/config HTTP/1.1" 404 328 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 OPR/62.0.333"
Hacking
Web App Attack
Burayot
2024-10-03 12:29:31
(1 month ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 18.232.86.114 (US/United States/ec2-18-232-86-114.compute-1.amazonaws.com): 2 in the last 3600 secs
Web App Attack
Rocky Mountain Bioengineering Symposium
2024-10-03 12:29:15
(1 month ago)
18.232.86.114 - - [03/Oct/2024:06:29:14 -0600] "GET /.git/config HTTP/1.1" 303 4846 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3704.400 QQBrowser/10.4.3587.400"
...
Web App Attack
Blexyel
2024-10-03 12:23:50
(1 month ago)
18.232.86.114 - - [03/Oct/2024:14:23:49 +0200] "GET /.git/config HTTP/1.1" 404 21 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/58.0.3135.107"
...
Brute-Force
Web App Attack
TPI-Abuse
2024-10-03 12:22:47
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 18.232.86.114 (ec2-18-232-86-114.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 08:22:41.458620 2024] [security2:error] [pid 9132:tid 9132] [client 18.232.86.114:57654] [client 18.232.86.114] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.campnecon.com"] [uri "/.git/config"] [unique_id "Zv6MkTxAlJj_BlKNK1pTCwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Shadymint
2024-10-03 12:16:53
(1 month ago)
url probing from IP marked as abusive
Web App Attack
thefoofighter
2024-10-03 12:12:51
(1 month ago)
[Thu Oct 03 12:12:51.303677 2024] [:error] [pid 2720385] [client 18.232.86.114:48068] [client 18.232.86.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "63.250.44.173"] [uri "/.git/config"] [unique_id "Zv6KQ_TKZ2dzXiVWqa2MXAAAAB0"]
[Thu Oct 03 12:12:51.304870 2024] [:error] [pid 2720394] [client 18.232.86.114:58764] [client 18.232.86.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3
...
Bad Web Bot
Web App Attack
RCS
2024-10-03 12:10:32
(1 month ago)
fail2ban apache-modsecurity
...
Bad Web Bot
Web App Attack
brantknudson.org
2024-10-03 12:09:15
(1 month ago)
Client attempted attack using request path '/.git/config' to honeypot.
Web App Attack
TrafficAnalyser
2024-10-03 12:00:31
(1 month ago)
Probing "GET /.git/config HTTP/1.1"
Web App Attack