mnsf
2024-11-05 22:01:36
(2 months ago)
Too many Status 40X (11)
Brute-Force
Web App Attack
someone
2024-11-05 20:49:39
(2 months ago)
*:443 64.95.11.36 - - [05/Nov/2024:21:49:38 +0100] "GET /.env HTTP/1.1" 404 20518 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Web App Attack
URAN Publishing Service
2024-11-05 20:39:46
(2 months ago)
64.95.11.36 - - [05/Nov/2024:22:39:44 +0200] "GET /.env HTTP/1.1" 404 2863 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
64.95.11.36 - - [05/Nov/2024:22:39:45 +0200] "GET /.env HTTP/1.1" 404 2886 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Web App Attack
Anonymous
2024-11-05 20:35:49
(2 months ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2024-11-05 20:13:42
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 15:13:35.816018 2024] [security2:error] [pid 32056:tid 32056] [client 64.95.11.36:48886] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "projects.freedrm.org"] [uri "/.env"] [unique_id "Zyp8b8FPL9_ugtdHjgCSFAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Bedios GmbH
2024-11-05 19:33:21
(2 months ago)
Login credentials theft attempt
Hacking
advena
2024-11-05 19:30:57
(2 months ago)
64.95.11.36 (AS399629 BLNWX) was intercepted at 2024-11-05T19:21:18Z after violating WAF directive: 874a3e315c344b1281ad4f00046aab6f. Pre-cautionary/corrective action applied: block.
Web Spam
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-11-05 19:22:02
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 14:21:54.944805 2024] [security2:error] [pid 29215:tid 29215] [client 64.95.11.36:35348] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pozzolan.org"] [uri "/.env"] [unique_id "ZypwUrF6G6pwqk77hw9H9wAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-05 19:03:04
(2 months ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, POST / HTTP/1.1
Hacking
Web App Attack
sefinek.net
2024-11-05 17:24:11
(2 months ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
ASN: 399629 (BLNWX)
Protocol: HTTP/1.1 (method POST)
Domain: patrons.sefinek.net
Endpoint: /
Timestamp: 2024-11-05T12:08:07Z
Ray ID: 8ddcba37fd083ab6
Rule ID: cc5e7a6277d447eca9c1818934ba65c8
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
Report generated by Node-Cloudflare-WAF-AbuseIPDB https://github.com/sefinek/Node-Cloudflare-WAF-AbuseIPDB
Bad Web Bot
penjaga BRIN
2024-11-05 17:09:57
(2 months ago)
-111
Web App Attack
TPI-Abuse
2024-11-05 16:09:44
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 11:09:37.177802 2024] [security2:error] [pid 26744:tid 26744] [client 64.95.11.36:51506] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "polarfoxinno.com"] [uri "/.env"] [unique_id "ZypDQVL7JYkGMwihRCBLhgAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 15:46:13
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 10:46:05.650459 2024] [security2:error] [pid 15012:tid 15012] [client 64.95.11.36:45314] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "players.co.uk.abbeygardensllandudno.com"] [uri "/.env"] [unique_id "Zyo9vYmQow3q0fXGWZDlywAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Mr-Money
2024-11-05 15:40:27
(2 months ago)
64.95.11.36 - - [05/Nov/2024:16:40:26 +0100] "GET /.env HTTP/1.1" 404 8946 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
administrator
2024-11-05 15:32:47
(2 months ago)
2024-11-05 10:25:46,769 fail2ban.actions [766]: NOTICE [apache-custom] Ban 64.95.11.36
2024-11-05 13:27:41,650 fail2ban.actions [766]: NOTICE [apache-custom] Ban 64.95.11.36
2024-11-05 16:32:43,625 fail2ban.actions [766]: NOTICE [apache-custom] Ban 64.95.11.36
Web Spam
Email Spam
Blog Spam
Port Scan
Brute-Force
Web App Attack