ISPLtd
10 Apr 2023
185.254.196.223 - - [10/Apr/2023:03:20:40 -0300] "GET /.env
...
Hacking
Web App Attack
Anonymous
10 Apr 2023
Invalid POST request
Hacking
bus-hit.me
10 Apr 2023
185.254.196.223 - - [10/Apr/2023:00:32:40 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
185.254.196.223 - - [10/Apr/2023:03:34:50 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Brute-Force
Web App Attack
SEOAlexRamon
10 Apr 2023
Attempting to establish a connection on port 80 - Fail2Ban
Port Scan
bus-hit.me
09 Apr 2023
185.254.196.223 - - [09/Apr/2023:18:36:54 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
185.254.196.223 - - [09/Apr/2023:21:34:03 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Brute-Force
Web App Attack
Vieira Filho
09 Apr 2023
185.254.196.223 - - [09/Apr/2023:12:56:20 -0300] [35.198.31.82] "35.198.31.82" "GET /.env HTTP/1.1" 404 571 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 0.000
...
Brute-Force
Exploited Host
Web App Attack
bus-hit.me
09 Apr 2023
185.254.196.223 - - [09/Apr/2023:12:35:17 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
185.254.196.223 - - [09/Apr/2023:15:34:29 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Brute-Force
Web App Attack
ISPLtd
09 Apr 2023
185.254.196.223 - - [09/Apr/2023:12:21:11 -0300] "GET /.env
...
Hacking
Web App Attack
oh.mg
09 Apr 2023
(mod_security) mod_security (id:949110) triggered by 185.254.196.223 (alert.shipitwith.us): 1 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_TRIGGER; Logs: [Sun Apr 09 09:58:12.023859 2023] [:error] [pid 2276251:tid 140475973469888] [client 185.254.196.223:52800] [client 185.254.196.223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "170.64.170.178"] [uri "/.env"] [unique_id "ZDKMNEN-kDpeMPqQXGlh1AAAAEg"]
Brute-Force
SSH
bus-hit.me
09 Apr 2023
185.254.196.223 - - [09/Apr/2023:03:37:02 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
185.254.196.223 - - [09/Apr/2023:09:36:16 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Brute-Force
Web App Attack
FEWA
09 Apr 2023
Fail2Ban Ban Triggered
Hacking
Bad Web Bot
Web App Attack
oh.mg
09 Apr 2023
(mod_security) mod_security (id:949110) triggered by 185.254.196.223 (US/United States/alert.shipitwith.us): 1 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_TRIGGER; Logs: [Sun Apr 09 06:11:26.152500 2023] [:error] [pid 697188:tid 139738994419392] [client 185.254.196.223:50896] [client 185.254.196.223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/modsecurity-crs/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "159.65.145.216"] [uri "/.env"] [unique_id "ZDJXDrft9_WKTqRM2j60dQAAAEQ"]
Brute-Force
SSH
Anonymous
09 Apr 2023
Invalid POST request
Hacking
bus-hit.me
09 Apr 2023
185.254.196.223 - - [08/Apr/2023:21:33:22 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
185.254.196.223 - - [09/Apr/2023:00:36:03 +0000] "(server ip)" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Brute-Force
Web App Attack
ISPLtd
09 Apr 2023
185.254.196.223 - - [08/Apr/2023:21:21:31 -0300] "GET /.env
...
Hacking
Web App Attack