Savvii
2024-08-09 14:07:37
(4 weeks ago)
21 attempts against mh-misbehave-ban on pea
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-08-09 12:27:20
(4 weeks ago)
20 attempts against mh-misbehave-ban on bean
Brute-Force
Bad Web Bot
Web App Attack
polycoda
2024-08-09 12:20:00
(4 weeks ago)
Probes for /.env files everywhere
Hacking
Web App Attack
Apache
2024-08-09 11:44:10
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 54.224.207.105 (US/United States/ec2-54-224-207 ... show more (mod_security) mod_security (id:210492) triggered by 54.224.207.105 (US/United States/ec2-54-224-207-105.compute-1.amazonaws.com): 5 in the last 300 secs show less
Brute-Force
Web App Attack
Savvii
2024-08-09 11:28:56
(4 weeks ago)
20 attempts against mh-misbehave-ban on melon
Brute-Force
Bad Web Bot
Web App Attack
Starburst SysOp Team
2024-08-09 08:22:00
(4 weeks ago)
[Fri Aug 09 08:22:11.579116 2024] [:error] [pid 884724:tid 884835] [client 54.224.207.105:49911] [cl ... show more [Fri Aug 09 08:22:11.579116 2024] [:error] [pid 884724:tid 884835] [client 54.224.207.105:49911] [client 54.224.207.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "-"] [uri "/.env"] [unique_id "ZrXRs9hy2bJMB5lQeBhkEAAAAIU"] show less
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-08-09 05:34:11
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 54.224.207.105 (ec2-54-224-207-105.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.224.207.105 (ec2-54-224-207-105.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 01:34:05.071412 2024] [security2:error] [pid 2048:tid 2048] [client 54.224.207.105:60985] [client 54.224.207.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.234"] [uri "/.env"] [unique_id "ZrWqTbQYGaBQMfkmZbw3jgAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
vps01.feasoftware.it
2024-08-09 04:36:20
(4 weeks ago)
54.224.207.105 - - [09/Aug/2024:06:36:15 +0200] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windo ... show more 54.224.207.105 - - [09/Aug/2024:06:36:15 +0200] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
54.224.207.105 - - [09/Aug/2024:06:36:16 +0200] "GET /wp-content/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
54.224.207.105 - - [09/Aug/2024:06:36:17 +0200] "GET /wp-admin/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
54.224.207.105 - - [09/Aug/2024:06:36:17 +0200] "GET /library/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
54.224.207.105 - - [09/Aug/2024:06:36:17 +0200] "GET /new/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
54.224.207.105 - - [09/Aug/2024:06:36:
... show less
Bad Web Bot
Savvii
2024-08-09 01:55:21
(4 weeks ago)
20 attempts against mh-misbehave-ban on ec102951
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 00:01:23
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 54.224.207.105 (ec2-54-224-207-105.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.224.207.105 (ec2-54-224-207-105.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 20:01:15.316613 2024] [security2:error] [pid 17740:tid 17740] [client 54.224.207.105:53135] [client 54.224.207.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.100"] [uri "/.env"] [unique_id "ZrVcS77U1Yi9c_lzix-bEQAAABo"] show less
Brute-Force
Bad Web Bot
Web App Attack
adnscom.net
2024-08-08 23:29:34
(4 weeks ago)
IPS trigger: Brute force WebApp/CMS scanning/attack
Brute-Force
Web App Attack
Savvii
2024-08-08 17:37:37
(4 weeks ago)
20 attempts against mh-misbehave-ban on shine
Brute-Force
Bad Web Bot
Web App Attack
unifr
2024-08-08 16:28:23
(4 weeks ago)
Unauthorized IMAP connection attempt
Brute-Force
TPI-Abuse
2024-08-08 15:54:46
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 54.224.207.105 (ec2-54-224-207-105.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.224.207.105 (ec2-54-224-207-105.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 11:54:38.659770 2024] [security2:error] [pid 25228:tid 25228] [client 54.224.207.105:50947] [client 54.224.207.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.161"] [uri "/.env"] [unique_id "ZrTqPkf3GsVJsJ38JfcUQwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
RoboSOC
2024-08-08 12:40:49
(4 weeks ago)
phpunit Remote Code Execution Vulnerability, PTR: ec2-54-224-207-105.compute-1.amazonaws.com.
Hacking