raymarron.com
|
|
/.vscode/sftp.json
/sftp-config.json
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octablocked]
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.180.164.33 (ec2-35-180-164-33.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 18:07:16.627189 2024] [security2:error] [pid 2281778:tid 2281778] [client 35.180.164.33:49738] [client 35.180.164.33] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "realdoctorstories.com"] [uri "/sftp-config.json"] [unique_id "ZzaCpL237luICwa8MQny7QAAAAA"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.180.164.33 (ec2-35-180-164-33.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 17:51:02.971551 2024] [security2:error] [pid 31245:tid 31245] [client 35.180.164.33:59183] [client 35.180.164.33] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pointillistic.com"] [uri "/redlake-tech//sftp-config.json"] [unique_id "ZzZ-1s4ggsb-UkSkePU2FAAAAA0"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.180.164.33 (ec2-35-180-164-33.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 17:32:50.620445 2024] [security2:error] [pid 29527:tid 29527] [client 35.180.164.33:60683] [client 35.180.164.33] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rahmanou.com"] [uri "/sftp-config.json"] [unique_id "ZzZ6kim-q8gnC0K1TQZoFAAAAAA"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
ereznet.co.il
|
|
SPAM
|
Brute-Force
|
|
Anonymous
|
|
Restricted File Access Requests
|
Hacking
Brute-Force
|
|
Anonymous
|
|
Infected user bad webscan
|
Exploited Host
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.180.164.33 (ec2-35-180-164-33.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 02:52:12.413903 2024] [security2:error] [pid 3675513:tid 3675513] [client 35.180.164.33:52661] [client 35.180.164.33] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mp3tracks.com"] [uri "/sftp-config.json"] [unique_id "ZzWsLKRnXYL9Xtze1fGz8gAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Fuzzing/Looking for credentials files.
|
Brute-Force
Web App Attack
|
|
kumiko
|
|
[2024-11-14 02:16:33] Probing for dotfiles
"GET /.vscode/sftp.json HTTP/1.1" 403
|
Bad Web Bot
Web App Attack
|
|
FeG Deutschland
|
|
Looking for CMS/PHP/SQL vulnerabilities - 13
|
Exploited Host
Web App Attack
|
|
AvonleaConsulting
|
|
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
|
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.180.164.33 (ec2-35-180-164-33.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 19:30:53.450704 2024] [security2:error] [pid 18652:tid 18652] [client 35.180.164.33:65135] [client 35.180.164.33] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "relationshipecology.com"] [uri "/sftp-config.json"] [unique_id "ZzVEvZbcRadujaSYTacbPwAAAAs"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
mnsf
|
|
Too many Status 40X (13)
|
Brute-Force
Web App Attack
|
|