HERA - Operations
2024-09-19 03:17:29
(1 month ago)
herrmann - searching for vulnerable scripts: config 2024/09/19 05:17:29
Web App Attack
HeliJP
2024-09-19 03:16:23
(1 month ago)
2024-09-19T03:15:36Z - Recognized attacks\bad behavior from IP address 200.33.79.105 on port 443\80 ... show more 2024-09-19T03:15:36Z - Recognized attacks\bad behavior from IP address 200.33.79.105 on port 443\80 (3 daily hits): Restricted File Access Attempt, HTTP header is restricted by policy (/accept-charset/), Request Missing an Accept Header show less
Hacking
Web App Attack
TPI-Abuse
2024-09-19 02:55:47
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 22:55:42.320846 2024] [security2:error] [pid 3502348:tid 3502348] [client 200.33.79.105:51650] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "groomattheinn.com"] [uri "/.git/config"] [unique_id "ZuuSrmGmzHoR03WlAn78HwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-19 01:11:49
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 21:11:42.862985 2024] [security2:error] [pid 29895:tid 29895] [client 200.33.79.105:59312] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dulcebebe.net"] [uri "/.git/config"] [unique_id "Zut6Tlv8QLgHvud8nhLE1gAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-19 00:23:57
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 20:23:50.379717 2024] [security2:error] [pid 873:tid 873] [client 200.33.79.105:37360] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cuulco.com"] [uri "/.git/config"] [unique_id "ZutvFlMG321iVTRklszoZwAAACI"] show less
Brute-Force
Bad Web Bot
Web App Attack
polycoda
2024-09-19 00:10:52
(1 month ago)
⌨️ Probes for /.git/config everywhere
Hacking
Web App Attack
TPI-Abuse
2024-09-18 23:59:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 19:59:39.356095 2024] [security2:error] [pid 920814:tid 920884] [client 200.33.79.105:45448] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradosellers.com"] [uri "/.git/config"] [unique_id "Zutpay2ZDbqz2JQbvuGQNQAAAVU"] show less
Brute-Force
Bad Web Bot
Web App Attack
HERA - Operations
2024-09-18 23:53:07
(1 month ago)
club-herrmann - searching for vulnerable scripts: config 2024/09/19 01:53:07
Web App Attack
TPI-Abuse
2024-09-18 23:09:52
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 19:09:43.755137 2024] [security2:error] [pid 10730:tid 10730] [client 200.33.79.105:34888] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bvidisplay.com"] [uri "/.git/config"] [unique_id "ZutdtyzHakJhyLH3wJ3AXQAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
SilverZippo
2024-09-18 22:53:08
(1 month ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-09-18 22:36:25
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 18:36:21.280425 2024] [security2:error] [pid 959:tid 959] [client 200.33.79.105:49168] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "biorregulador.com"] [uri "/.git/config"] [unique_id "ZutV5WL7oDfOp9zmrLApOQAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-18 22:14:20
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 18:14:14.369954 2024] [security2:error] [pid 24780:tid 24780] [client 200.33.79.105:40936] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bayoutown.com"] [uri "/.git/config"] [unique_id "ZutQtvxxUoSth3HjV8tghQAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
FeG Deutschland
2024-09-18 21:52:01
(1 month ago)
Looking for CMS/PHP/SQL vulnerablilities - 13
Exploited Host
Web App Attack
TPI-Abuse
2024-09-18 21:50:32
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 200.33.79.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 17:50:28.316197 2024] [security2:error] [pid 8055:tid 8055] [client 200.33.79.105:33542] [client 200.33.79.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "atthespeedofchange.com"] [uri "/.git/config"] [unique_id "ZutLJIYHGz-sAh4YZf9KJgAAAB8"] show less
Brute-Force
Bad Web Bot
Web App Attack
HERA - Operations
2024-09-18 21:34:22
(1 month ago)
argeforum - searching for vulnerable scripts: config 2024/09/18 23:34:22
Web App Attack