๐ฉ๐ช
sdos.es
2023-05-09 13:52:14
(3 years ago)
"Restricted File Access Attempt - Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aw ...
show more
"Restricted File Access Attempt - Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2023-05-08 02:12:11
(3 years ago)
ThreatBook Intelligence: IDC more details on http://threatbook.io/ip/52.2.19.0
2023-05-07 00:04:50 / ...
show more
ThreatBook Intelligence: IDC more details on http://threatbook.io/ip/52.2.19.0
2023-05-07 00:04:50 /_phpinfo.php
2023-05-07 00:04:48 /.aws/credentials
2023-05-07 00:04:05 /
2023-05-07 00:04:52 /admin/dashboard/info.php
2023-05-07 00:03:37 /
2023-05-07 00:04:47 /index.js
2023-05-07 00:04:53 /admin/phpinfo.php
2023-05-07 00:04:49 /.wp-config.php.swp
2023-05-07 00:04:54 /api/phpinfo.php
show less
Web App Attack
๐ฌ๐ง
sdos.es
2023-05-07 00:01:36
(3 years ago)
"URL file extension is restricted by policy - .ini"
Web App Attack
๐จ๐ณ
ThreatBook.io
2023-05-06 02:17:19
(3 years ago)
ThreatBook Intelligence: IDC more details on http://threatbook.io/ip/52.2.19.0
2023-05-05 01:12:59 / ...
show more
ThreatBook Intelligence: IDC more details on http://threatbook.io/ip/52.2.19.0
2023-05-05 01:12:59 /
2023-05-05 01:14:04 /.aws/credentials
2023-05-05 01:14:04 /.wp-config.php.swp
2023-05-05 01:14:05 /admin/dashboard/info.php
2023-05-05 01:12:32 /
2023-05-05 01:14:04 /index.js
show less
Web App Attack
๐บ๐ธ
myagent.site
2023-05-05 21:52:00
(3 years ago)
Blocking for trying to access an exploit file: /api/phpinfo.php
Hacking
๐ฌ๐ง
blik2108
2023-05-05 14:14:02
(3 years ago)
beta.sleepylizard.com:443 52.2.19.0 - - [05/May/2023:15:14:01 +0100] "GET /wp-config.php HTTP/1.1" 2 ...
show more
beta.sleepylizard.com:443 52.2.19.0 - - [05/May/2023:15:14:01 +0100] "GET /wp-config.php HTTP/1.1" 200 5409 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36"
beta.sleepylizard.com:443 52.2.19.0 - - [05/May/2023:15:14:01 +0100] "GET /wp-config.php. HTTP/1.1" 200 5409 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36"
beta.sleepylizard.com:443 52.2.19.0 - - [05/May/2023:15:14:02 +0100] "GET /wp-config.php.bak HTTP/1.1" 200 5409 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36"
beta.sleepylizard.com:443 52.2.19.0 - - [05/May/2023:15:14:02 +0100] "GET /wp-config.php.bk HTTP/1.1" 200 5409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
beta.sleepylizard.com:443 52.2.19.0 - - [05/May/2023:15:14:02 +0100] "GET /wp-config.php.or
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
octageeks.com
2023-05-05 04:06:22
(3 years ago)
Wordpress malicious attack:[octablocked]
Web App Attack
๐ธ๐ฌ
Sofibox Cyberwatch
2023-05-04 06:35:14
(3 years ago)
[bad_ip: 52.2.19.0:36436 [alert_level: Medium Risk [target_port: 443 [class: Generic Protocol Comman ...
show more
[bad_ip: 52.2.19.0:36436 [alert_level: Medium Risk [target_port: 443 [class: Generic Protocol Command Decode [msg: SURICATA STREAM TIMEWAIT ACK with wrong seq [virustotal: malicious [cidr_net24: ip-is-not-found [(C) Arafat Ali @ arafatx.com
show less
Hacking
๐บ๐ธ
Shouddy Tarano
2023-05-03 22:09:04
(3 years ago)
[Wed May 03 18:04:44.553367 2023] [authz_core:error] [pid 882351:tid 882526] [client 52.2.19.0:59204 ...
show more
[Wed May 03 18:04:44.553367 2023] [authz_core:error] [pid 882351:tid 882526] [client 52.2.19.0:59204] AH01630: client denied by server configuration: /var/www/html/
[Wed May 03 18:09:03.282679 2023] [authz_core:error] [pid 882353:tid 882477] [client 52.2.19.0:44922] AH01630: client denied by server configuration: /var/www/html/index.js
[Wed May 03 18:09:03.350471 2023] [authz_core:error] [pid 882353:tid 882495] [client 52.2.19.0:44928] AH01630: client denied by server configuration: /var/www/html/.aws
[Wed May 03 18:09:03.419418 2023] [authz_core:error] [pid 882528:tid 882560] [client 52.2.19.0:44944] AH01630: client denied by server configuration: /var/www/html/.wp-config.php.swp
[Wed May 03 18:09:03.510486 2023] [authz_core:error] [pid 882351:tid 882510] [client 52.2.19.0:44956] AH01630: client denied by server configuration: /var/www/html/_phpinfo.php
...
show less
DDoS Attack
Web Spam
Brute-Force
Web App Attack
๐บ๐ธ
ogbc-admin
2023-05-02 22:48:05
(3 years ago)
[Tue May 02 17:48:03.875884 2023] [proxy_fcgi:error] [pid 2544259:tid 139682260182784] [client 52.2. ...
show more
[Tue May 02 17:48:03.875884 2023] [proxy_fcgi:error] [pid 2544259:tid 139682260182784] [client 52.2.19.0:33830] AH01071: Got error 'Primary script unknown'
[Tue May 02 17:48:04.305078 2023] [proxy_fcgi:error] [pid 2544259:tid 139682235004672] [client 52.2.19.0:33882] AH01071: Got error 'Primary script unknown'
[Tue May 02 17:48:04.746565 2023] [proxy_fcgi:error] [pid 2542915:tid 139681857529600] [client 52.2.19.0:33922] AH01071: Got error 'Primary script unknown'
[Tue May 02 17:48:04.917405 2023] [proxy_fcgi:error] [pid 2542915:tid 139681261942528] [client 52.2.19.0:33930] AH01071: Got error 'Primary script unknown'
[Tue May 02 17:48:05.005795 2023] [proxy_fcgi:error] [pid 2542915:tid 139682642401024] [client 52.2.19.0:33944] AH01071: Got error 'Primary script unknown'
...
show less
Brute-Force
Web App Attack
๐ฌ๐ง
Apache
2023-05-02 11:57:50
(3 years ago)
(mod_security) mod_security (id:210492) triggered by 52.2.19.0 (US/United States/ec2-52-2-19-0.compu ...
show more
(mod_security) mod_security (id:210492) triggered by 52.2.19.0 (US/United States/ec2-52-2-19-0.compute-1.amazonaws.com): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
๐ฌ๐ง
Artelis
2023-05-02 03:03:23
(3 years ago)
52.2.19.0 - - [02/May/2023:02:52:48 +0000] "GET /.wp-config.php.swp HTTP/1.1" 404 193 "-" "Mozilla/5 ...
show more
52.2.19.0 - - [02/May/2023:02:52:48 +0000] "GET /.wp-config.php.swp HTTP/1.1" 404 193 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F"
52.2.19.0 - - [02/May/2023:02:52:48 +0000] "GET /_phpinfo.php HTTP/1.1" 404 193 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36"
52.2.19.0 - - [02/May/2023:03:03:20 +0000] "GET /.env~ HTTP/1.1" 404 193 "-" "Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
52.2.19.0 - - [02/May/2023:03:03:20 +0000] "GET /.gitlab-ci/.env HTTP/1.1" 404 193 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36"
52.2.19.0 - - [02/May/2023:03:03:20 +0000] "GET /.s3cfg HTTP/1.1" 404 193 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36"
52.2.19.0 - - [02/May/2023:03:03
...
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2023-05-02 02:20:17
(3 years ago)
ThreatBook Intelligence: IDC more details on http://threatbook.io/ip/52.2.19.0
2023-05-01 05:12:43 / ...
show more
ThreatBook Intelligence: IDC more details on http://threatbook.io/ip/52.2.19.0
2023-05-01 05:12:43 /admin/dashboard/info.php
2023-05-01 05:00:34 /
2023-05-01 05:12:41 /index.js
2023-05-01 05:12:43 /_phpinfo.php
2023-05-01 05:12:42 /.aws/credentials
2023-05-01 05:12:42 /.wp-config.php.swp
show less
Web App Attack
๐ธ๐ฌ
tommygod.ddns.net
2023-05-01 12:50:29
(3 years ago)
[01/May/2023:12:39:44 +0000] ZE-zENgYpbVd_wpOs1fV1AAAAAI 52.2.19.0 60844 172.104.34.116 443
[01/May/ ...
show more
[01/May/2023:12:39:44 +0000] ZE-zENgYpbVd_wpOs1fV1AAAAAI 52.2.19.0 60844 172.104.34.116 443
[01/May/2023:12:50:22 +0000] ZE-1joUdxBx6IT9_6S46lgAAAAM 52.2.19.0 37616 172.104.34.116 443
[01/May/2023:12:50:23 +0000] ZE-1jw415ynP0WGmwuDDfAAAAAE 52.2.19.0 37628 172.104.34.116 443
[01/May/2023:12:50:24 +0000] ZE-1kE9jSvoyZoemaBJtegAAAAQ 52.2.19.0 37634 172.104.34.116 443
[01/May/2023:12:50:24 +0000] ZE-1kNgYpbVd_wpOs1fV1QAAAAI 52.2.19.0 37646 172.104.34.116 443
[01/May/2023:12:50:25 +0000] ZE-1kW1X1WEF07o547AThQAAAAU 52.2.19.0 37650 172.104.34.116 443
[01/May/2023:12:50:26 +0000] ZE-1ksrQEKcILJp_HDuOjwAAAAA 52.2.19.0 37666 172.104.34.116 443
[01/May/2023:12:50:27 +0000] ZE-1kxkOzNpap16126ws5QAAAB4 52.2.19.0 37674 172.104.34.116 443
[01/May/2023:12:50:27 +0000] ZE-1k9e_cxuHjTsn0mBU3gAAAAY 52.2.19.0 37688 172.104.34.116 443
[01/May/2023:12:50:28 +0000] ZE-1lIUdxBx6IT9_6S46lwAAAAM 52.2.19.0 55648 172.104.34.116 443
show less
SQL Injection
Brute-Force
๐ณ๐ฑ
Pornomens
2023-04-30 21:46:16
(3 years ago)
52.2.19.0 - - [30/Apr/2023:23:43:18 +0200] "HEAD / HTTP/1.1" 403 5522 "-" "Mozilla/5.0 (Macintosh; I ...
show more
52.2.19.0 - - [30/Apr/2023:23:43:18 +0200] "HEAD / HTTP/1.1" 403 5522 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36"
52.2.19.0 - - [30/Apr/2023:23:46:15 +0200] "GET /index.js HTTP/1.1" 403 5880 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36"
52.2.19.0 - - [30/Apr/2023:23:46:15 +0200] "GET /.aws/credentials HTTP/1.1" 403 5880 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36"
...
show less
Web App Attack