TPI-Abuse
2024-08-13 05:47:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 01:47:48.442890 2024] [security2:error] [pid 8845:tid 8845] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:51201] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.disio.com"] [uri "/.env"] [unique_id "ZrrzhFgCD1MFAB0sPhkziQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
rafamiga
2024-08-13 01:41:00
(1 month ago)
2401:c080:2400:21d8:7077:79f6:ffce:8896:36552 [13/Aug/2024:01:41:28.019] in~~ sp/<NOSRV> 0/-1/-1/-1/0 404 182 PR 49/49/0/0/0 {IN|www.*.pl||Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60} "GET https://www.*.pl/wp-content/plugins/WordPressCore/include.php HTTP/2.0"
2401:c080:2400:21d8:7077:79f6:ffce:8896:45970 [13/Aug/2024:01:41:29.690] in~~ sp/<NOSRV> 0/-1/-1/-1/0 404 182 PR 48/48/1/0/0 {IN|www.*.pl||Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60} "GET https://www.*.pl/wp-content/plugins/WordPressCore/include.php HTTP/2.0"
2401:c080:2400:21d8:7077:79f6:ffce:8896:39916 [13/Aug/2024:01:41:30.458] in~~ sp/<NOSRV> 0/-1/-1/-1/0 404 182 PR 50/50/0/0/0 {IN|www.*.pl||Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60} "GET https://www.*.pl/wp-content/plugins/core-plugin/include.php HTTP/2.0"
Port Scan
Brute-Force
TPI-Abuse
2024-08-13 00:52:17
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 20:52:09.595239 2024] [security2:error] [pid 1612:tid 1612] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:56648] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.flavornet.org"] [uri "/.env"] [unique_id "ZrquOWWlersrSCbizBtgpgAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-12 23:33:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 19:33:50.145133 2024] [security2:error] [pid 28291:tid 28291] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:59983] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.davidnevue.com"] [uri "/.env"] [unique_id "Zrqb3iRk0v_fgZCYowQvDQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
mwgbr
2024-08-12 22:03:22
(1 month ago)
2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown), more than 10 Apache 403 hits in the last 3600 secs; Ports: 80,443,7080,7081; Direction: in; Trigger: LF_APACHE_403; Logs:
Port Scan
TPI-Abuse
2024-08-12 19:57:40
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 15:57:30.776888 2024] [security2:error] [pid 19229:tid 19248] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:52605] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.internationalbusinessschool.org"] [uri "/.env"] [unique_id "ZrppKviPayt6uBDBX5oNegAAAQ8"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-08-12 17:32:12
(1 month ago)
2401:c080:2400:21d8:7077:79f6:ffce:8896 - - [12/Aug/2024:20:32:06 +0300] "GET /wp-content/plugins/WordPressCore/include.php HTTP/1.1" 404 2664 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
2401:c080:2400:21d8:7077:79f6:ffce:8896 - - [12/Aug/2024:20:32:10 +0300] "GET /wp-content/plugins/WordPressCore/include.php HTTP/1.1" 404 2665 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
Web App Attack
TPI-Abuse
2024-08-12 15:08:19
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 11:08:14.146109 2024] [security2:error] [pid 6604:tid 6604] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:56335] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ictsl.net"] [uri "/.env"] [unique_id "ZrolXsIxv9FmqlhpDMDxzgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-12 14:48:56
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 10:48:52.403168 2024] [security2:error] [pid 16088:tid 16088] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:58635] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gamerah.net"] [uri "/.env"] [unique_id "Zrog1A6T7ib_WN9dPfxZsgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
mwgbr
2024-08-12 13:00:04
(1 month ago)
2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown), more than 10 Apache 403 hits
Hacking
TPI-Abuse
2024-08-12 11:59:30
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 07:59:24.299196 2024] [security2:error] [pid 32275:tid 32275] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:54009] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stmaarten-boatcharters.com"] [uri "/.env"] [unique_id "Zrn5HCCcobaEy2-y83X21AAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
SCHAPPY
2024-08-12 11:21:04
(1 month ago)
Bad bot identified by user agent
Bad Web Bot
TPI-Abuse
2024-08-12 10:39:50
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2401:c080:2400:21d8:7077:79f6:ffce:8896 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 06:39:45.280292 2024] [security2:error] [pid 6609:tid 6609] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896:55578] [client 2401:c080:2400:21d8:7077:79f6:ffce:8896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "franklinheatandair.com"] [uri "/.env"] [unique_id "Zrnmcb6HOfmszNNULaztqAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack