MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
oncord
|
|
Form spam
|
Web Spam
|
|
Mr-Money
|
|
185.192.71.92 - - [04/Feb/2024:20:38:22 +0100] "POST /admin-app/.env%20 HTTP/1.1" 404 493 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
|
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
|
|
Kraften
|
|
Tentative Web App attack
...
|
Web App Attack
|
|
oh.mg
|
|
(mod_security) mod_security (id:949110) triggered by 185.192.71.92 (GB/United Kingdom/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Feb 03 19:20:16.403937 2024] [:error] [pid 1484526:tid 139637372745472] [client 185.192.71.92:55325] [client 185.192.71.92] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "184"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "anomaly-evaluation"] [hostname "82.66.98.178"] [uri "/admin-app/.env "] [unique_id "Zb6R8HvtWtjwR7teXa8vxQAAAIg"]
|
Port Scan
|
|
wdmleds.com
|
|
[Sat Feb 03 13:40:20.422980 2024] [authz_core:error] [pid 856789:tid 139843615004416] [client 185.192.71.92:32291] AH01630: client denied by server configuration: /var/www/html/.env.old
[Sat Feb 03 13:40:41.898818 2024] [authz_core:error] [pid 856795:tid 139843598219008] [client 185.192.71.92:39049] AH01630: client denied by server configuration: /var/www/html/.env.dist
[Sat Feb 03 13:40:49.992763 2024] [authz_core:error] [pid 856795:tid 139843598219008] [client 185.192.71.92:7091] AH01630: client denied by server configuration: /var/www/html/enviroments
|
Web Spam
Brute-Force
Bad Web Bot
|
|
Anonymous
|
|
Common attack or app scan event detected and blocked
|
Port Scan
Hacking
Web App Attack
|
|
Anonymous
|
|
185.192.71.92 - - [01/Feb/2024:05:57:52 +0100] "GET /sapi/debug/default/view HTTP/1.1" 404 493 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
185.192.71.92 - - [01/Feb/2024:05:58:16 +0100] "GET /.vscode/sftp.json HTTP/1.1" 404 493 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0"
185.192.71.92 - - [01/Feb/2024:05:58:52 +0100] "GET /.vscode/sftp.json HTTP/1.1" 404 5207 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0"
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 185.192.71.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 29 00:37:44.877297 2023] [security2:error] [pid 3507] [client 185.192.71.92:19445] [client 185.192.71.92] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aufflammen.com"] [uri "/sendgrid/.env"] [unique_id "ZY5bKNsG5lKKChWA9WOj_AAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 185.192.71.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 23 16:45:29.522856 2023] [security2:error] [pid 22050] [client 185.192.71.92:51805] [client 185.192.71.92] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boat-registration-hong-kong.com"] [uri "/.env"] [unique_id "ZYdU-YBj_Thw_OJSqIzFGwAAAAA"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 185.192.71.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 23 14:39:26.478086 2023] [security2:error] [pid 24368] [client 185.192.71.92:27991] [client 185.192.71.92] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blockadegc.com"] [uri "/.env"] [unique_id "ZYc3bsrpKX-5lsdFmG5hQwAAAAk"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 185.192.71.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 22 18:37:42.750329 2023] [security2:error] [pid 2898] [client 185.192.71.92:26015] [client 185.192.71.92] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "atlanticcitypartybuses.com"] [uri "/.env"] [unique_id "ZYYdxhF_IqrSZT2c0iMmhQAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MAGIC
|
|
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
archiv-pm
|
|
Probing for resource vulnerabilities
|
Web App Attack
|
|
MSZ
|
|
Fail2Ban triggered by plesk-modsecurity Tue 24 Oct 2023 06:30:24 PM CEST
|
Hacking
Brute-Force
Web App Attack
|
|