AvonleaConsulting
2024-12-03 23:57:56
(1 month ago)
Attempts to probe web pages for vulnerable PHP or other applications
Web App Attack
mnsf
2024-12-03 03:11:13
(1 month ago)
Too many Status 40X (12)
Brute-Force
Web App Attack
Epimetheus
2024-12-03 02:22:05
(1 month ago)
Unauthorized access attempts:
From:
35.180.156.249
Method:
H ... show more Unauthorized access attempts:
From:
35.180.156.249
Method:
HTTPS GET
URI Path:
/.git/HEAD
UA:
"Mozilla/5.0 (X11; Linux x86_64)" show less
Web App Attack
AvonleaConsulting
2024-12-03 01:48:24
(1 month ago)
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
Bad Web Bot
Web App Attack
Anonymous
2024-12-03 01:40:56
(1 month ago)
Restricted File Access Requests
Hacking
Brute-Force
TPI-Abuse
2024-12-03 01:39:18
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.co ... show more (mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 20:39:12.943850 2024] [security2:error] [pid 11003:tid 11003] [client 35.180.156.249:35214] [client 35.180.156.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.esa-nne.org"] [uri "/.git/"] [unique_id "Z05hQOczbcu_xc9UWYfbjQAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-03 01:23:30
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.co ... show more (mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 20:23:24.055130 2024] [security2:error] [pid 3392714:tid 3392714] [client 35.180.156.249:40474] [client 35.180.156.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.railsolutionsmexico.com"] [uri "/.git/"] [unique_id "Z05djCdlSGDESJ8rFs-pvAAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
ipoac.nl
2024-12-03 00:58:30
(1 month ago)
***:443 35.180.156.249 - - [03/Dec/2024:01:58:29 +0100] *** "GET /.git/ HTTP/1.1" 404 38733 "-" "Moz ... show more ***:443 35.180.156.249 - - [03/Dec/2024:01:58:29 +0100] *** "GET /.git/ HTTP/1.1" 404 38733 "-" "Mozilla/5.0 (X11; Linux x86_64)" show less
Bad Web Bot
TPI-Abuse
2024-12-03 00:10:45
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.co ... show more (mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 19:10:39.794055 2024] [security2:error] [pid 15656:tid 15656] [client 35.180.156.249:53082] [client 35.180.156.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.skulldump.com"] [uri "/.git/"] [unique_id "Z05Mf4qi_8RDeeXEFXJlyAAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-02 23:59:58
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
mxbl
2024-12-02 23:50:54
(1 month ago)
Scanning for CMS vulnerabilities on a non-CMS system: /.git/
Web App Attack
TPI-Abuse
2024-12-02 23:46:41
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.co ... show more (mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 18:46:35.314749 2024] [security2:error] [pid 2033672:tid 2033672] [client 35.180.156.249:34942] [client 35.180.156.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.debzy.com"] [uri "/.git/"] [unique_id "Z05G26CCZxj5gVkod8UJJgAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
mashamal
2024-12-02 23:38:39
(1 month ago)
Vulnerability Probe
...
Web App Attack
TPI-Abuse
2024-12-02 23:29:40
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.co ... show more (mod_security) mod_security (id:210492) triggered by 35.180.156.249 (ec2-35-180-156-249.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 18:29:36.797674 2024] [security2:error] [pid 6353:tid 6353] [client 35.180.156.249:55278] [client 35.180.156.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.wandathelittlestwizard.com"] [uri "/.git/"] [unique_id "Z05C4B86EdxpIKzY-oKEzwAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
ALPHANET
2024-12-02 23:25:02
(1 month ago)
web exploits
Hacking
Exploited Host
Web App Attack