el-brujo
2024-11-25 03:12:54
(1 month ago)
25/Nov/2024:04:12:53.543479 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ... show more 25/Nov/2024:04:12:53.543479 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 204.188.228.135] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "91.126.30.243"] [uri "/.env"] [unique_id "Z0PrNU82MkjcDMAp7rXwqAAAAw0"]
... show less
Hacking
Web App Attack
TPI-Abuse
2024-11-25 03:00:14
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 24 22:00:08.600662 2024] [security2:error] [pid 25588:tid 25588] [client 204.188.228.135:34084] [client 204.188.228.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.138"] [uri "/.env"] [unique_id "Z0PoOPFDNUL0HrrguVG05QAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-25 02:46:28
(1 month ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-25 02:41:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 24 21:41:26.213317 2024] [security2:error] [pid 9833:tid 9833] [client 204.188.228.135:41794] [client 204.188.228.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.239"] [uri "/.env"] [unique_id "Z0Pj1nRtyQ_NLe5VN6Qi9gAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
diego
2024-11-25 02:29:14
(1 month ago)
Events: TCP SYN Discovery or Flooding, Seen 10 times in the last 10800 seconds
DDoS Attack
TPI-Abuse
2024-11-25 02:25:13
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 24 21:25:08.939420 2024] [security2:error] [pid 12076:tid 12076] [client 204.188.228.135:56986] [client 204.188.228.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.12"] [uri "/.env"] [unique_id "Z0PgBAG1PK94L1Cwoo8aXAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
afleventoffice.com.au
2024-11-24 16:21:59
(1 month ago)
GET /.env HTTP/1.1
Web App Attack
service Informatique
2024-11-11 04:00:37
(2 months ago)
GET /.env
Web App Attack
LTM
2024-11-10 07:20:01
(2 months ago)
WebServer - Attempts to exploit
Hacking
Brute-Force
Web App Attack
Study Bitcoin 🤗
2024-11-10 06:22:24
(2 months ago)
Port probe to tcp/443 (https)
[srv129]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
dzpk
2024-11-10 05:48:52
(2 months ago)
204.188.228.135 - - [10/Nov/2024:06:48:51 +0100] "GET /.env HTTP/1.1" 400 248 "-" "Mozilla/5.0 Keydr ... show more 204.188.228.135 - - [10/Nov/2024:06:48:51 +0100] "GET /.env HTTP/1.1" 400 248 "-" "Mozilla/5.0 Keydrop" show less
Web App Attack
TPI-Abuse
2024-11-10 05:47:08
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 00:47:00.893460 2024] [security2:error] [pid 18309:tid 18309] [client 204.188.228.135:49298] [client 204.188.228.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.172"] [uri "/.env"] [unique_id "ZzBI1KWhhe_HwI-iy5NtGgAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
Bedios GmbH
2024-11-10 05:35:21
(2 months ago)
Login credentials theft attempt
Hacking
Anonymous
2024-11-10 05:24:31
(2 months ago)
Try to connect to Port_Scan_443_tcp
Port Scan
TPI-Abuse
2024-11-10 05:01:29
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.135 (wq15.rainraingoaway.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 00:01:22.442925 2024] [security2:error] [pid 26794:tid 26812] [client 204.188.228.135:52706] [client 204.188.228.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.22"] [uri "/.env"] [unique_id "ZzA-Iq7q6Qd67c0ddLiG3wAAAI0"] show less
Brute-Force
Bad Web Bot
Web App Attack