TPI-Abuse
2024-08-25 01:51:14
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.227.136.141 (s22938511.onlinehome-server.info): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 21:51:06.337531 2024] [security2:error] [pid 1413518:tid 1413518] [client 212.227.136.141:48482] [client 212.227.136.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tvsnotesmagazine.com"] [uri "/.env"] [unique_id "ZsqOClwAOH6wXARSEVFxigAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-24 21:01:59
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.227.136.141 (s22938511.onlinehome-server.info): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 17:01:51.957636 2024] [security2:error] [pid 17221:tid 17221] [client 212.227.136.141:58024] [client 212.227.136.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pushingbubbles.com"] [uri "/.env"] [unique_id "ZspKP_-28smB6I9s7A-5rgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-23 03:16:30
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.227.136.141 (s22938511.onlinehome-server.info): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 23:16:24.655507 2024] [security2:error] [pid 1729416:tid 1729416] [client 212.227.136.141:41056] [client 212.227.136.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "insansevmiyorum.com"] [uri "/.env"] [unique_id "Zsf_CEtwTJaLWy-GOhQ0sAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-22 19:09:24
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.227.136.141 (s22938511.onlinehome-server.info): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 15:09:20.758766 2024] [security2:error] [pid 23697:tid 23697] [client 212.227.136.141:38162] [client 212.227.136.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "countylockup.org"] [uri "/.env"] [unique_id "ZseM4CV47jEkiUBbjV6h7gAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
sumnone
2024-08-13 18:06:14
(3 weeks ago)
Port probing on unauthorized port 8080
Port Scan
Hacking
Exploited Host
TPI-Abuse
2024-08-13 17:57:47
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.227.136.141 (s22938511.onlinehome-server.info): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 13:57:43.293976 2024] [security2:error] [pid 26452:tid 26452] [client 212.227.136.141:42134] [client 212.227.136.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.186"] [uri "/.env"] [unique_id "Zruel-5ZjRPW3DITA7qaVQAAAB0"]
Brute-Force
Bad Web Bot
Web App Attack
BSG Webmaster
2024-08-13 07:35:16
(3 weeks ago)
Port scanning (Port 80)
Port Scan
Hacking
rkroonen
2024-08-13 01:25:19
(3 weeks ago)
Aug 12 21:25:19 research kernel: [4778984.430290] [UFW BLOCK] IN=eth0 OUT= MAC=f2:3c:94:25:14:ad:00:00:5e:00:be:ef:08:00 SRC=212.227.136.141 DST=172.105.11.145 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=19321 PROTO=TCP SPT=51183 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Port Scan
Web App Attack
brantknudson.org
2024-08-12 23:42:19
(3 weeks ago)
Client attempted attack using request path '/.env' to honeypot.
Web App Attack
MPL
2024-08-12 19:59:57
(3 weeks ago)
tcp ports: 8080,80 (3 or more attempts)
Port Scan
MPL
2024-08-12 19:59:57
(3 weeks ago)
tcp/80
Port Scan
RAP
2024-08-12 19:55:51
(3 weeks ago)
2024-08-12 19:55:51 UTC Unauthorized activity to TCP port 8080. Web App
Port Scan
Web App Attack
MortimerCat
2024-08-12 16:35:21
(3 weeks ago)
Attempting to download environment file
Web App Attack
Anonymous
2024-08-12 14:50:06
(3 weeks ago)
Unsolicited Connect (1 Times), to port(s): 80
Port Scan
Bad Web Bot
Web App Attack
polido
2024-08-11 19:08:03
(3 weeks ago)
Unauthorized connection attempt to port 80 from 212.227.136.141
Port Scan