Anonymous
2024-11-18 21:18:45
(3 weeks ago)
Ports: 143,993; Direction: 0; Trigger: LF_IMAPD
Brute-Force
SSH
Anonymous
2024-11-04 01:36:25
(1 month ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Anonymous
2024-11-03 02:08:10
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_APACHE_403
Brute-Force
SSH
penjaga BRIN
2024-11-03 01:11:26
(1 month ago)
apache-alfa-111
Web App Attack
Anonymous
2024-11-02 22:39:29
(1 month ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
hermawan
2024-07-08 14:44:24
(5 months ago)
[Mon Jul 08 21:44:20.809420 2024] [security2:error] [pid 334488:tid 132754767349312] [client 92.244.115.140:59626] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "204"] [id "930130"] [msg "Restricted File Access Attempt"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: .env found within REQUEST_FILENAME: /.env request_line = GET /.env HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/.env"] [unique_id "Zov7RCnzjhOFGK6ZAUr9SAAAABE"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[334547] [KPzGck3IuBY] [Zov7RCnzjhOFGK
Hacking
Web App Attack
URAN Publishing Service
2024-07-08 13:31:24
(5 months ago)
92.244.115.140 - - [08/Jul/2024:16:31:22 +0300] "GET /.env HTTP/1.1" 404 276 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
92.244.115.140 - - [08/Jul/2024:16:31:22 +0300] "GET /wp-content/ HTTP/1.1" 404 276 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Web App Attack
10dencehispahard SL
2024-06-28 17:04:41
(5 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
Anonymous
2024-06-28 16:45:34
(5 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
TPI-Abuse
2024-06-28 16:07:18
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 92.244.115.140 (92-244-115-140.kievnet.com.ua): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 28 12:07:11.187303 2024] [security2:error] [pid 22282] [client 92.244.115.140:54477] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.seniorservicetravel.com"] [uri "/.env"] [unique_id "Zn7frwnuJYh-5ZldrmnhbAAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-28 15:44:39
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 92.244.115.140 (92-244-115-140.kievnet.com.ua): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 28 11:44:34.267290 2024] [security2:error] [pid 31589] [client 92.244.115.140:49341] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brevardzen.org"] [uri "/.env"] [unique_id "Zn7aYmD2i_cNieLhi8EuRgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
hermawan
2024-06-28 15:41:57
(5 months ago)
[Fri Jun 28 22:40:56.369626 2024] [security2:error] [pid 876339:tid 123722952345152] [client 92.244.115.140:60110] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "204"] [id "930130"] [msg "Restricted File Access Attempt"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: .env found within REQUEST_FILENAME: /.env request_line = GET /.env HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/.env"] [unique_id "Zn7ZiIlKT8MFXNrvGnqw0AAAAQk"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[876390] [9RHGEgVyzN4] [Zn7ZiIlKT8MFXN
Hacking
Web App Attack
URAN Publishing Service
2024-06-28 15:40:34
(5 months ago)
92.244.115.140 - - [28/Jun/2024:18:39:32 +0300] "GET /.env HTTP/1.1" 404 285 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
92.244.115.140 - - [28/Jun/2024:18:39:33 +0300] "GET /wp-content/ HTTP/1.1" 404 285 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Web App Attack
URAN Publishing Service
2024-06-19 15:43:41
(5 months ago)
92.244.115.140 - - [19/Jun/2024:18:43:40 +0300] "GET /.env HTTP/1.1" 404 285 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
92.244.115.140 - - [19/Jun/2024:18:43:40 +0300] "GET /wp-content/ HTTP/1.1" 404 285 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Web App Attack
TPI-Abuse
2024-03-10 05:29:55
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 92.244.115.140 (92-244-115-140.kievnet.com.ua): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 10 00:29:32.904561 2024] [security2:error] [pid 26854] [client 92.244.115.140:56019] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "donbullis.com"] [uri "/.env"] [unique_id "Ze1FPFb3wAHM7OUL_kVCMAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack