Linuxmalwarehuntingnl
2024-07-01 10:34:48
(6 months ago)
Unauthorized connection attempt
Brute-Force
gu-alvareza
2024-06-29 07:05:34
(6 months ago)
AndroxGh0st.Malware
Hacking
Exploited Host
lp
2024-06-28 17:08:59
(6 months ago)
Bot webscan: 1 attempts were recorded from 185.241.208.192
185.241.208.192 "GET /.env HTTP/1.1" 404 493 "-" "python-requests/2.26.0"
Port Scan
Ba-Yu
2024-06-27 19:44:42
(6 months ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
MortimerCat
2024-06-27 19:29:21
(6 months ago)
Attempting to download environment file
Web App Attack
TPI-Abuse
2024-06-27 19:17:20
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 185.241.208.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 27 15:17:12.405838 2024] [security2:error] [pid 1358] [client 185.241.208.192:63641] [client 185.241.208.192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.74"] [uri "/.env"] [unique_id "Zn26uHFI3_tzDzrdyPRPuQAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-24 01:41:48
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 185.241.208.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 23 21:41:41.416419 2024] [security2:error] [pid 22043] [client 185.241.208.192:55164] [client 185.241.208.192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.159"] [uri "/.env"] [unique_id "ZnjO1Yye0cNYpFBme633GQAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
Vaction
2024-06-22 13:35:03
(6 months ago)
185.241.208.192 - - [22/Jun/2024:15:35:03 +0200] "GET /.env HTTP/1.1" 404 397 "-" "python-requests/2.26.0"
Hacking
Bad Web Bot
Web App Attack
ozisp.com.au
2024-06-22 04:57:38
(6 months ago)
null_null_<33>1719032255 [1:2031502:4] ET INFO Request to Hidden Environment File - Inbound [Classification: Misc activity] [Priority: 3] {TCP} 185.241.208.192:60677
Hacking
aks4226
2024-06-20 15:59:08
(6 months ago)
Attacking common web applications. (n01)
Web App Attack
TPI-Abuse
2024-06-20 15:48:10
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 185.241.208.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 20 11:48:03.587584 2024] [security2:error] [pid 24887:tid 47119372203776] [client 185.241.208.192:53104] [client 185.241.208.192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.125"] [uri "/.env"] [unique_id "ZnRPM9U-pqRCgf-9cyZIowAAAUQ"]
Brute-Force
Bad Web Bot
Web App Attack
oh.mg
2024-06-18 21:50:20
(6 months ago)
(mod_security) mod_security (id:949110) triggered by 185.241.208.192 (PL/Poland/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 18 21:50:15.964551 2024] [:error] [pid 1699996:tid 139656792286976] [client 185.241.208.192:50952] [client 185.241.208.192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "184"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "anomaly-evaluation"] [hostname "82.66.98.178"] [uri "/.env"] [unique_id "ZnIBF@OfrSBkoFvzX0CHuAAAAVU"]
Port Scan
TPI-Abuse
2024-06-17 01:31:08
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 185.241.208.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 16 21:31:02.193176 2024] [security2:error] [pid 17226] [client 185.241.208.192:60507] [client 185.241.208.192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.4"] [uri "/.env"] [unique_id "Zm-R1q0slYc4QuyyZinq1gAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-15 02:20:00
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 185.241.208.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 14 22:19:55.172967 2024] [security2:error] [pid 28995] [client 185.241.208.192:55391] [client 185.241.208.192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.42"] [uri "/.env"] [unique_id "Zmz6S9hAWW-NqtDRzoCXawAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
dzpk
2024-06-13 04:53:13
(7 months ago)
185.241.208.192 - - [13/Jun/2024:06:53:13 +0200] "GET /.env HTTP/1.1" 444 0 "-" "python-requests/2.26.0" "-"
Hacking
Web App Attack