Guardian
2024-10-03 21:50:24
(1 week ago)
Unauthorized attempt to retrieve configuration file
2.57.168.71 [03/Oct/2024:21:50:23] "GET /a ... show more Unauthorized attempt to retrieve configuration file
2.57.168.71 [03/Oct/2024:21:50:23] "GET /app/.env HTTP/1.1" show less
Port Scan
Web App Attack
adalbertoreyes.org
2024-10-03 15:12:46
(1 week ago)
CategoryPortScan
Port Scan
sxvn
2024-10-03 03:41:15
(1 week ago)
2024-10-03 03:41:15,035 fail2ban.actions [854]: NOTICE [nginx-4xx] Ban 2.57.168.71
202 ... show more 2024-10-03 03:41:15,035 fail2ban.actions [854]: NOTICE [nginx-4xx] Ban 2.57.168.71
2024-10-03 03:41:15,043 fail2ban.actions [854]: NOTICE [nginxrepeatoffender] Ban 2.57.168.71
2024-10-03 03:41:15,236 fail2ban.actions [854]: NOTICE [webexploits] Ban 2.57.168.71
... show less
Brute-Force
PulseServers
2024-10-03 00:10:09
(1 week ago)
Probing a honeypot for vulnerabilities. Ignored robots.txt - CA10 Honeypot
...
Hacking
Web App Attack
w-e-c-l-o-u-d-i-t
2024-09-14 15:20:38
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2.57.168.71 (US/United States/-): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2.57.168.71 (US/United States/-): 1 in the last 600 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC show less
Brute-Force
SSH
TPI-Abuse
2024-09-14 08:24:23
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2.57.168.71 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 2.57.168.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 04:24:19.417566 2024] [security2:error] [pid 30753:tid 30753] [client 2.57.168.71:27287] [client 2.57.168.71] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.travelwithjenniferb.com"] [uri "/vendor/.env"] [unique_id "ZuVIMwYQvyhKBVk2oAeH0QAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-14 01:57:43
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2.57.168.71 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 2.57.168.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 13 21:57:38.179993 2024] [security2:error] [pid 22149:tid 22149] [client 2.57.168.71:32687] [client 2.57.168.71] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.215"] [uri "/database/.env"] [unique_id "ZuTtkgRjUv7HuaFjVdCIiwAAAB0"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-01 12:41:39
(1 month ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
nyuuzyou
2024-07-16 16:07:57
(2 months ago)
{"action": "connection", "dest_ip": "0.0.0.0", "dest_port": "3389", "server": "rdp_server", "src_ip" ... show more {"action": "connection", "dest_ip": "0.0.0.0", "dest_port": "3389", "server": "rdp_server", "src_ip": "2.57.168.71", "src_port": "49054", "timestamp": "2024-07-16T12:15:52.105293"} show less
Port Scan
Brute-Force
diego
2024-07-04 13:40:52
(3 months ago)
Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds
DDoS Attack
diego
2024-07-03 00:40:48
(3 months ago)
Events: TCP SYN Discovery or Flooding, Seen 8 times in the last 10800 seconds
DDoS Attack
Anonymous
2024-06-21 02:11:06
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
Brute-Force
SSH
SSH
MAGIC
2024-06-17 04:03:29
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
DDoS Attack
Bad Web Bot
Bad Web Bot
Anonymous
2024-06-15 05:19:40
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
Brute-Force
SSH
SSH
diego
2024-05-22 09:49:10
(4 months ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack