|
Anonymous
|
|
|
Bad Web Bot
|
|
|
๐ญ๐บ
DumaNet
|
|
Web app attack attempts, scanning for vulnerability.
Date: 2025 Oct 02. 16:38:58
Source IP: 54.91. ...
show more
Web app attack attempts, scanning for vulnerability.
Date: 2025 Oct 02. 16:38:58
Source IP: 54.91.173.27
Portion of the log(s):
54.91.173.27 - [02/Oct/2025:16:38:42 +0200] "GET /awstats/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
54.91.173.27 - [02/Oct/2025:16:38:35 +0200] "GET /aws-secret.yaml HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
54.91.173.27 - [02/Oct/2025:16:38:35 +0200] "GET /wp-config HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
54.91.173.27 - [02/Oct/2025:16:38:18 +0200] "GET /_profiler/phpinfo/phpinfo.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
54.91.173.27 - [02/Oct/2025:16:38:18 +0200] "GET /_profiler/phpinfo/info.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"....
show less
|
Web App Attack
|
|
|
๐ณ๐ฑ
Site.eu
|
|
Excessive 404/403 errors
|
Brute-Force
|
|
|
๐ฉ๐ช
Vegascosmetics
|
|
Kingcopy(AI-IDS):IP does Multiple AWS Environment Abuse
|
Hacking
Web App Attack
|
|
|
๐ฉ๐ช
LRob
|
|
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazon ...
show more
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 02 12:15:41.865294 2025] [security2:error] [pid 26883:tid 26883] [client 54.91.173.27:35802] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blanchardch.fr"] [uri "/.env"] [unique_id "aN6lLbhjRk69lY3i1VrlfAAAAAM"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐จ๐ญ
zynex
|
|
URL Probing: /.env
|
Web App Attack
|
|
|
๐ซ๐ท
dynamix
|
|
Multiple WAF Violations
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazon ...
show more
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 02 10:24:22.873879 2025] [security2:error] [pid 18134:tid 18134] [client 54.91.173.27:52464] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vetline.eu"] [uri "/.env"] [unique_id "aN6LFtFyYBwSN3BjjKkIDwAAABg"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ณ๐ฑ
BlueWire Hosting
|
|
Scanning for Laravel vulnerabilities
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazon ...
show more
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 02 09:58:01.330272 2025] [security2:error] [pid 21812:tid 21812] [client 54.91.173.27:45402] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thedreamcatchers.eu"] [uri "/.env"] [unique_id "aN6E6SUpqtQT0HR16zjYRQAAAAM"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
54.91.173.27 - sliver85.eu - [02/Oct/2025:15:27:38 +0200] "GET / HTTP/1.1" 444 "-"
54.91.173.27 - sl ...
show more
54.91.173.27 - sliver85.eu - [02/Oct/2025:15:27:38 +0200] "GET / HTTP/1.1" 444 "-"
54.91.173.27 - sliver85.eu - [02/Oct/2025:15:27:44 +0200] "GET / HTTP/1.1" 444 "-"
...
show less
|
Brute-Force
Web App Attack
|
|
|
๐ฉ๐ช
Jochen Pretli
|
|
connection to honeypot
|
Email Spam
Port Scan
|
|
|
๐ฉ๐ช
Roper123
|
|
Web exploits
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazon ...
show more
(mod_security) mod_security (id:210492) triggered by 54.91.173.27 (ec2-54-91-173-27.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 02 08:37:21.430288 2025] [security2:error] [pid 15080:tid 15080] [client 54.91.173.27:59114] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "polydorou.eu"] [uri "/.git/config"] [unique_id "aN5yAbOHmXLOAoIsL49wBQAAAAQ"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|