axllent
2024-11-12 20:55:16
(3 weeks ago)
Scanning for exploits - /.env
Web App Attack
etu brutus
2024-11-12 19:47:14
(3 weeks ago)
209.97.161.102 Blocked by [Attack Vector List]
...
Hacking
Brute-Force
Exploited Host
yukon.ca
2024-11-12 15:44:05
(3 weeks ago)
Web Server Enforcement Violation: Web Server Exposed Git Repository Information Disclosure
Port:80
Hacking
Exploited Host
TPI-Abuse
2024-11-12 14:16:40
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 209.97.161.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 09:16:36.701134 2024] [security2:error] [pid 29546:tid 29546] [client 209.97.161.102:51756] [client 209.97.161.102] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gamepart.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gamepart.com"] [uri "/home/tancedi1/gamepart.com"] [unique_id "ZzNjRDQsP5uxpE_GQT1EkgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 13:10:17
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 209.97.161.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 08:10:13.117117 2024] [security2:error] [pid 14383:tid 14409] [client 209.97.161.102:49208] [client 209.97.161.102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gamecrazy.us"] [uri "/.env"] [unique_id "ZzNTta7fxNbkfjXZ27VSbwAAAVY"]
Brute-Force
Bad Web Bot
Web App Attack
quicksand
2024-11-12 09:13:32
(3 weeks ago)
Malicious URI path & DigitalOcean User Agent Spoofing [GET /.env] [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4859.172 Safari/537.36]
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 08:02:03
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 209.97.161.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 03:01:55.725585 2024] [security2:error] [pid 4023495:tid 4023495] [client 209.97.161.102:57162] [client 209.97.161.102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "galil.passy.us"] [uri "/.env"] [unique_id "ZzMLc0DOZumGumf-UrX1RAAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-12 07:52:40
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
paissangroup
2024-11-12 07:52:30
(3 weeks ago)
Multiple WAF Violations
Web App Attack
Anonymous
2024-11-12 07:15:35
(3 weeks ago)
Bot / scanning and/or hacking attempts: GET /assets/backend/plugins/jquery-file-upload/server/php HTTP/, [1/1] done, GET /assets/kcfinder/upload.php HTTP/1.1, GET /tinymce/plugins/filemanager/dialog.php HTTP/2.0, GET /.env HTTP/1.1, GET /assets/backend/plugins/jquery-file-upload/server/php/ HTTP, GET /filemanager/filemanager/dialog.php HTTP/1.1, GET /plugins/jquery-file-upload/server/php/ HTTP/1.1, GET /plugins/jquery-file-upload/server/php HTTP/2.0, GET /.env HTTP/2.0, GET /js/kcfinder/upload.php HTTP/1.1
Hacking
Web App Attack
Lacrimosa99
2024-11-12 07:07:34
(3 weeks ago)
209.97.161.102 - - [12/Nov/2024:08:07:27 +0100] "GET /filemanager/dialog.php HTTP/2.0" 404 275 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4859.172 Safari/537.36"
209.97.161.102 - - [12/Nov/2024:08:07:31 +0100] "GET /assets/filemanager/dialog.php HTTP/2.0" 404 275 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4859.172 Safari/537.36"
209.97.161.102 - - [12/Nov/2024:08:07:33 +0100] "GET /assets/plugins/filemanager/dialog.php HTTP/2.0" 404 275 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4859.172 Safari/537.36"
...
Web Spam
Sklurk
2024-11-12 07:04:41
(3 weeks ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-11-12 06:04:57
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 209.97.161.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 01:04:49.780778 2024] [security2:error] [pid 22350:tid 22350] [client 209.97.161.102:60178] [client 209.97.161.102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "galego.anxo.org"] [uri "/.env"] [unique_id "ZzLwAY1W_lzTeSxI9m1Y-QAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 05:43:04
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 209.97.161.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 00:42:55.551221 2024] [security2:error] [pid 22211:tid 22211] [client 209.97.161.102:53862] [client 209.97.161.102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.galaxyretro.com"] [uri "/.env"] [unique_id "ZzLq31wypvWWoWokPatEvQAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
nv
2024-11-12 05:30:31
(3 weeks ago)
209.97.161.102 - - [12/Nov/2024:06:30:30 +0100] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4859.172 Safari/537.36"
Web App Attack