Anonymous
2024-12-01 05:55:27
(6 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-01 05:44:48
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.com ... show more (mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 00:44:40.059420 2024] [security2:error] [pid 10525:tid 10525] [client 3.121.220.82:39214] [client 3.121.220.82] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.certifiedfarmersmarkets.org"] [uri "/.env"] [unique_id "Z0v3yG_xvRPHsCamY5tJUgAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
BlueWire Hosting
2024-12-01 05:10:39
(6 days ago)
Scanning for Laravel vulnerabilities
Web App Attack
TPI-Abuse
2024-12-01 05:10:10
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.com ... show more (mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 00:10:05.184672 2024] [security2:error] [pid 2141:tid 2141] [client 3.121.220.82:45742] [client 3.121.220.82] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.modernsalesforce.com"] [uri "/.env"] [unique_id "Z0vvrdIprUiFSTcdJFPqLgAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
kumiko
2024-12-01 05:08:04
(6 days ago)
[2024-12-01 05:08:03] Probing for dotfiles
"GET /.env HTTP/1.1" 301
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 04:34:19
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.com ... show more (mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 23:34:11.831121 2024] [security2:error] [pid 22760:tid 22800] [client 3.121.220.82:40512] [client 3.121.220.82] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.zoomtexas.com"] [uri "/.env"] [unique_id "Z0vnQ1FYexX5m73gytkHfAAAAEU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 03:56:54
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.com ... show more (mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 22:56:46.525280 2024] [security2:error] [pid 619254:tid 619254] [client 3.121.220.82:34912] [client 3.121.220.82] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.samanthasomers.com"] [uri "/.env"] [unique_id "Z0vefl-e4m1CV74yHh2N8wAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
Bedios GmbH
2024-12-01 00:04:33
(1 week ago)
Login credentials theft attempt
Hacking
TPI-Abuse
2024-12-01 00:03:09
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.com ... show more (mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 19:03:01.824794 2024] [security2:error] [pid 20260:tid 20260] [client 3.121.220.82:56668] [client 3.121.220.82] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.seacorre.de"] [uri "/.env"] [unique_id "Z0untY2-9mPKgYau0GGeMAAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
FeG Deutschland
2024-11-30 23:32:48
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities - 12345671011
Exploited Host
Web App Attack
TPI-Abuse
2024-11-30 23:32:15
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.com ... show more (mod_security) mod_security (id:210492) triggered by 3.121.220.82 (ec2-3-121-220-82.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 18:32:10.974298 2024] [security2:error] [pid 15478:tid 15478] [client 3.121.220.82:53334] [client 3.121.220.82] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.ds12bonn.de"] [uri "/.env"] [unique_id "Z0ugeswh7xLoJP8AAs7PowAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack