swrlly
2024-11-06 11:19:07
(2 months ago)
attempt to exploit known webserver vulnerabilities
Web App Attack
TPI-Abuse
2024-11-06 11:13:54
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.co ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 06:13:50.809914 2024] [security2:error] [pid 18034:tid 18034] [client 204.188.228.206:56778] [client 204.188.228.206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.57"] [uri "/.env"] [unique_id "ZytPbrMJHuQ3lchXG23k7AAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
whitehoodie
2024-11-06 10:55:43
(2 months ago)
AUTOMATED REPORT: Tried to access .env file
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-06 10:54:24
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.co ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 05:54:20.115247 2024] [security2:error] [pid 29089:tid 29089] [client 204.188.228.206:50460] [client 204.188.228.206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.41"] [uri "/.env"] [unique_id "ZytK3DSQYH9mQ-1IDJAsfwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
KPS
2024-11-06 10:44:46
(2 months ago)
PortscanM
Port Scan
Study Bitcoin 🤗
2024-11-06 10:32:18
(2 months ago)
Port probe to tcp/443 (https)
[srv128]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
MPL
2024-11-06 10:24:12
(2 months ago)
tcp/443 (4 or more attempts)
Port Scan
TPI-Abuse
2024-11-06 10:21:20
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.co ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 05:21:13.537815 2024] [security2:error] [pid 7012:tid 7012] [client 204.188.228.206:46686] [client 204.188.228.206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.113"] [uri "/.env"] [unique_id "ZytDGfVXizwa9YD-AJSa8AAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-06 10:16:02
(2 months ago)
Bot / scanning and/or hacking attempts: GET / HTTP/1.0, GET /.env HTTP/1.1
Hacking
Web App Attack
TPI-Abuse
2024-11-06 10:02:27
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.co ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 05:02:23.332449 2024] [security2:error] [pid 782:tid 952] [client 204.188.228.206:43668] [client 204.188.228.206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.128"] [uri "/.env"] [unique_id "Zys-rzlYNzg2MxjIo35bJgAAAE8"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-06 09:44:50
(2 months ago)
2024/11/06 10:44:48 [error] 4037#4037: *3147859 access forbidden by rule, client: 204.188.228.206, s ... show more 2024/11/06 10:44:48 [error] 4037#4037: *3147859 access forbidden by rule, client: 204.188.228.206, server: aide.bobelweb.eu, request: "GET /.env HTTP/1.1", host: "163.172.78.48" show less
Brute-Force
Web App Attack
TPI-Abuse
2024-11-06 09:39:26
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.co ... show more (mod_security) mod_security (id:210492) triggered by 204.188.228.206 (dea26.com.monerrorsdebugged.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 04:39:23.434044 2024] [security2:error] [pid 954362:tid 954362] [client 204.188.228.206:52402] [client 204.188.228.206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.99"] [uri "/.env"] [unique_id "Zys5S1S3wwr6RY61OvysRwAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
barbarella
2024-11-06 09:33:43
(2 months ago)
Configuration snooping in .env file (GET /.env)
Hacking
Web App Attack
polido
2024-11-06 09:33:10
(2 months ago)
Unauthorized connection attempt to port 443 from 204.188.228.206
Port Scan
canine.tools
2024-11-06 09:32:25
(2 months ago)
[fail2ban Auto Report] 204.188.228.206 - - [06/Nov/2024:04:32:25 -0500] "GET /.env HTTP/1.1" 301 162 ... show more [fail2ban Auto Report] 204.188.228.206 - - [06/Nov/2024:04:32:25 -0500] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 Keydrop"
... show less
Brute-Force
Web App Attack