Little Iguana
2024-12-02 19:49:16
(6 days ago)
Attempt to hack Wordpress Login, XMLRPC or other login
Hacking
BlueWire Hosting
2024-12-01 15:10:14
(1 week ago)
Scanning for Laravel vulnerabilities
Web App Attack
Progetto1
2024-12-01 05:48:02
(1 week ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
TPI-Abuse
2024-12-01 05:44:28
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1 ... show more (mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 00:44:19.823009 2024] [security2:error] [pid 7194:tid 7194] [client 35.158.200.200:33562] [client 35.158.200.200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.scoretopicturenetwork.com"] [uri "/.env"] [unique_id "Z0v3sypqM4dSiPQibbbemwAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
Ba-Yu
2024-12-01 05:44:25
(1 week ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
Anonymous
2024-12-01 05:25:48
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-01 05:08:10
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1 ... show more (mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 00:08:02.989406 2024] [security2:error] [pid 8057:tid 8057] [client 35.158.200.200:57580] [client 35.158.200.200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.cortona.ws"] [uri "/.env"] [unique_id "Z0vvMvCVr0DTP51Kn8jvsAAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 04:34:15
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1 ... show more (mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 23:34:11.630788 2024] [security2:error] [pid 1071518:tid 1071518] [client 35.158.200.200:45764] [client 35.158.200.200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.stpny.com"] [uri "/.env"] [unique_id "Z0vnQ04cLeHmKJHf_bV47gAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 03:57:37
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1 ... show more (mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 22:57:28.305028 2024] [security2:error] [pid 13995:tid 14001] [client 35.158.200.200:46778] [client 35.158.200.200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.gretebellamy.com"] [uri "/.env"] [unique_id "Z0veqFfuVnHnkTW43yimsAAAAIQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 02:27:36
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1 ... show more (mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 21:27:31.908239 2024] [security2:error] [pid 21419:tid 21455] [client 35.158.200.200:50266] [client 35.158.200.200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "findanythingonanyone.com.richardleeweatherman.com"] [uri "/.env"] [unique_id "Z0vJk_EM4qr0f-DiCcU2CAAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TheMadBeaker
2024-12-01 02:06:16
(1 week ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
TPI-Abuse
2024-12-01 02:02:24
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1 ... show more (mod_security) mod_security (id:210492) triggered by 35.158.200.200 (ec2-35-158-200-200.eu-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 21:02:16.591891 2024] [security2:error] [pid 18745:tid 18745] [client 35.158.200.200:57362] [client 35.158.200.200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "firejasstrio.com"] [uri "/.env"] [unique_id "Z0vDqAMgVEMTHRB4EiOfQQAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
iNetWorker
2024-12-01 01:27:50
(1 week ago)
trolling for resource vulnerabilities
Web App Attack
Mr-Money
2024-12-01 01:18:11
(1 week ago)
35.158.200.200 - - [01/Dec/2024:02:18:10 +0100] "GET /.env HTTP/1.1" 404 3491 "-" "Mozilla/5.0 (X11; ... show more 35.158.200.200 - - [01/Dec/2024:02:18:10 +0100] "GET /.env HTTP/1.1" 404 3491 "-" "Mozilla/5.0 (X11; Linux x86_64)"
... show less
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
Markus Woegerbauer
2024-12-01 01:14:20
(1 week ago)
(mod_security) mod_security triggered on hostname [redacted] 35.158.200.200 (DE/Germany/ec2-35-158-2 ... show more (mod_security) mod_security triggered on hostname [redacted] 35.158.200.200 (DE/Germany/ec2-35-158-200-200.eu-central-1.compute.amazonaws.com) show less
SQL Injection