Vegascosmetics
2025-01-15 22:52:17
(4 weeks ago)
Kingcopy(AI-IDS): IP is wandering around the site and acting suspiciously.
Bad Web Bot
uhlhosting
2025-01-14 12:41:39
(1 month ago)
werbeartikeldruck.ch 41.143.200.148 - - [14/Jan/2025:13:09:50.090822 +0100] "GET /.env HTTP/1.1" 403 199 "-" "-" Z4ZUDhpbDnY6Go78ifgIVQAAAQE "-" /apache/20250114/20250114-1309/20250114-130950-Z4ZUDhpbDnY6Go78ifgIVQAAAQE 0 1125 md5:484b503e6701b2afa101a0ef3e11ec68
www.werbeartikeldruck.ch 41.143.200.148 - - [14/Jan/2025:13:09:51.306668 +0100] "GET /.env HTTP/1.1" 403 199 "-" "-" Z4ZUD7wJS_pSFij8HIxlwQAAABI "-" /apache/20250114/20250114-1309/20250114-130951-Z4ZUD7wJS_pSFij8HIxlwQAAABI 0 1129 md5:d0272a49499747d2af4a18a658821e32
atec-bb.ch 41.143.200.148 - - [14/Jan/2025:13:34:33.030494 +0100] "GET /.env HTTP/1.1" 403 199 "-" "-" Z4ZZ2bwJS_pSFij8HIxozwAAAA0 "-" /apache/20250114/20250114-1334/20250114-133433-Z4ZZ2bwJS_pSFij8HIxozwAAAA0 0 1114 md5:233314c193740ec15fd0bc264c69543f
www.atec-bb.ch 41.143.200.148 - - [14/Jan/2025:13:34:34.023977 +0100] "GET /.env HTTP/1.1" 403 199 "-" "-" Z4ZZ2hpbDnY6Go78ifgKcAAAAQg "-" /apache/20250114/20250114-1334/20250114-133434-Z4ZZ2hpbDnY6Go78ifgKcAAAA
DDoS Attack
Brute-Force
Eagle Works GmbH
2025-01-14 12:40:24
(1 month ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
TPI-Abuse
2025-01-14 12:34:26
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 41.143.200.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 07:34:22.169437 2025] [security2:error] [pid 1872074:tid 1872074] [client 41.143.200.148:63139] [client 41.143.200.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doctorhouse.ch"] [uri "/.env"] [unique_id "Z4ZZzoxkjdhIdtXgW1mPVgAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-14 12:17:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 41.143.200.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 07:17:05.169081 2025] [security2:error] [pid 9989:tid 10373] [client 41.143.200.148:55814] [client 41.143.200.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "humanet.io"] [uri "/.env"] [unique_id "Z4ZVwR9c1ytEA-tyVwqJzAAAAMc"]
Brute-Force
Bad Web Bot
Web App Attack
paissangroup
2025-01-14 12:10:48
(1 month ago)
Multiple WAF Violations
Web App Attack
Swiptly
2025-01-14 12:07:48
(1 month ago)
Multiple critical ModSecurity events
...
Web Spam
Bad Web Bot
659761066
2025-01-14 12:02:22
(1 month ago)
...
Port Scan
Hacking
Brute-Force
Exploited Host
Web App Attack
TPI-Abuse
2025-01-14 11:52:32
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 41.143.200.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 06:52:25.816552 2025] [security2:error] [pid 19051:tid 19051] [client 41.143.200.148:53943] [client 41.143.200.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wastetrack.io"] [uri "/.env"] [unique_id "Z4ZP-d6XdToXPWbJMA1nxAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
CollideTech
2025-01-14 11:31:59
(1 month ago)
Probing WordPress site
Web App Attack
FeG Deutschland
2025-01-14 11:20:12
(1 month ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 14
Exploited Host
Web App Attack
backslash
2025-01-14 11:15:04
(1 month ago)
block ruleset bad bot: misc bad content F608233CC4C86EE814CE8DDDA9C4A0D3C79882F6
Bad Web Bot
TPI-Abuse
2025-01-14 11:12:51
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 41.143.200.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 06:12:48.334224 2025] [security2:error] [pid 3128910:tid 3128910] [client 41.143.200.148:56835] [client 41.143.200.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evolute.io"] [uri "/.env"] [unique_id "Z4ZGsIi3ibhhBlPHUloFXQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
4server
2025-01-14 11:12:25
(1 month ago)
[TueJan1412:10:33.7580762025][security2:error][pid3051245:tid3051280][client41.143.200.148:0][client41.143.200.148]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"avcolor.ch\"][uri\"/.env\"][unique_id\"Z4ZGKa2mouzQIEhc_0-8BAAAAQc\"][TueJan1412:10:34.9335112025][security2:error][pid2857014:tid2857043][client41.143.200.148:0][client41.143.200.148]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|
Port Scan
Brute-Force
Web App Attack
zynex
2025-01-14 11:11:08
(1 month ago)
URL Probing: /.env
Web App Attack