DAILYKANBAN.COM
2024-01-25 16:03:58
(11 months ago)
(mod_security) mod_security (id:1000001) triggered by 216.73.161.180 (US/United States/-): 2 in the ... show more (mod_security) mod_security (id:1000001) triggered by 216.73.161.180 (US/United States/-): 2 in the last 600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Thu Jan 25 16:03:54.699319 2024] [security2:error] [pid 3148779:tid 23321590179584] [client 216.73.161.180:34315] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/text.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "9"] [id "1000001"] [msg "Restricted File Probe"] [data "Matched Data: /text.php found within REQUEST_URI"] [severity "CRITICAL"] [tag "paranoia-level/2"] [hostname "alfred.innerindustry.com"] [uri "/text.php"] [unique_id "ZbKGar9ijvPhn15OdSWUzgAAAEQ"]
[Thu Jan 25 16:03:56.801153 2024] [security2:error] [pid 3148779:tid 23321590179584] [client 216.73.161.180:34315] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/dropdown.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] show less
Web App Attack
mawan
2024-01-19 02:23:46
(1 year ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
mnsf
2024-01-18 18:08:06
(1 year ago)
Too many Status 40X (34)
Brute-Force
Web App Attack
Buster
2024-01-07 23:14:08
(1 year ago)
Repeated script kiddie mass distributed attack attempts on multiple sites from Perm Blocked Extremel ... show more Repeated script kiddie mass distributed attack attempts on multiple sites from Perm Blocked Extremely High Risk ASN and country: show less
Open Proxy
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-01-07 10:46:40
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 07 05:46:32.165849 2024] [security2:error] [pid 6923] [client 216.73.161.180:11781] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artsafloat.com"] [uri "/local/.env"] [unique_id "ZZqBCOsvw69g2QJBSlvPSgAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 08:40:47
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 07 03:40:41.477881 2024] [security2:error] [pid 17268] [client 216.73.161.180:3495] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "del-moral.com"] [uri "/.env"] [unique_id "ZZpjiZsKrolvloIDAfVIngAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 07:40:44
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 07 02:40:36.980149 2024] [security2:error] [pid 17639:tid 47760149272320] [client 216.73.161.180:50353] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.24"] [uri "/.env"] [unique_id "ZZpVdEPFqP-fNkp4N8mvzwAAAMs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 06:11:27
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 07 01:11:20.093106 2024] [security2:error] [pid 968] [client 216.73.161.180:31893] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.56"] [uri "/core/.env"] [unique_id "ZZpAiO8WMii02np46ND3tgAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 03:24:22
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 06 22:24:03.406178 2024] [security2:error] [pid 26344] [client 216.73.161.180:64625] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mrpinman.com"] [uri "/application/.env"] [unique_id "ZZoZU0CNNipEXafOn5HdiwAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 03:00:27
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 06 22:00:10.765138 2024] [security2:error] [pid 11027:tid 47863264470784] [client 216.73.161.180:61763] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "omniuscorp.com"] [uri "/.env.save"] [unique_id "ZZoTumjYFG5F-zxJlo0HBAAAARA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 00:44:36
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 06 19:44:29.055928 2024] [security2:error] [pid 1470] [client 216.73.161.180:39283] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hills-tax.com"] [uri "/core/.env"] [unique_id "ZZnz7Qd6eU2XclEXniVEEQAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-07 00:24:13
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 06 19:24:04.631382 2024] [security2:error] [pid 5385:tid 47216982320896] [client 216.73.161.180:20329] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aliqsha.com"] [uri "/app/.env"] [unique_id "ZZnvJOzFkEge1YT72S-aLAAAARg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-06 22:57:14
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.73.161.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 06 17:57:03.572805 2024] [security2:error] [pid 25734] [client 216.73.161.180:38285] [client 216.73.161.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "louiemobilemixology.com"] [uri "/application/.env"] [unique_id "ZZnavyv07jjfD8oZ0kE8wwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Largnet SOC
2024-01-06 16:01:04
(1 year ago)
216.73.161.180 triggered Icarus honeypot on port 3389. Check us out on github.
Port Scan
Hacking
Anonymous
2023-12-29 14:03:30
(1 year ago)
Aggressive web scan
Web App Attack