hermawan
2024-02-23 17:00:07
(10 months ago)
[Sat Feb 24 00:00:03.512262 2024] [security2:error] [pid 341988:tid 139045485151808] [client 92.244.115.140:57286] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "2010"] [id "920300"] [msg "Request Missing an Accept Header"] [data "Matched Data: gzip found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 request_line = GET /shell4.php HTTP/1.1"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/shell4.php"] [unique_id "ZdjPE4nFFHGXyrDi-c6TPwAAAAs"], referer https://www.google.com [staklim-jatim.bmkg.go.id]
Hacking
Web App Attack
ufn.edu.br
2024-01-12 17:40:27
(1 year ago)
[Fri Jan 12 15:40:25.504968 2024] [access_compat:error] [pid 7472] [client 92.244.115.140:54588] AH01797: client denied by server configuration: /var/www/html/shell4.php, referer: https://www.google.com
[Fri Jan 12 15:40:25.977320 2024] [access_compat:error] [pid 28803] [client 92.244.115.140:54600] AH01797: client denied by server configuration: /var/www/html/ups.php, referer: https://www.google.com
[Fri Jan 12 15:40:26.681544 2024] [access_compat:error] [pid 28807] [client 92.244.115.140:54613] AH01797: client denied by server configuration: /var/www/html/ru.php, referer: https://www.google.com
Exploited Host
Web App Attack
TPI-Abuse
2023-11-30 13:37:48
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 92.244.115.140 (92-244-115-140.kievnet.com.ua): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 30 08:36:40.919073 2023] [security2:error] [pid 2899894] [client 92.244.115.140:8663] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.puppetbookshop.com"] [uri "/.env"] [unique_id "ZWiP6CIGLIAahAu-g19gLwAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2023-11-30 13:26:19
(1 year ago)
92.244.115.140 - - [30/Nov/2023:15:25:13 +0200] "GET /.env HTTP/1.1" 404 272 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30"
Web App Attack
URAN Publishing Service
2023-11-30 09:30:38
(1 year ago)
92.244.115.140 - - [30/Nov/2023:11:30:37 +0200] "GET /.env HTTP/1.1" 404 280 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30"
Web App Attack
URAN Publishing Service
2023-11-29 23:19:51
(1 year ago)
92.244.115.140 - - [30/Nov/2023:01:19:51 +0200] "GET /.env HTTP/1.1" 404 283 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
92.244.115.140 - - [30/Nov/2023:01:19:51 +0200] "GET /wp-content/ HTTP/1.1" 404 283 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Web App Attack
TPI-Abuse
2023-11-29 22:20:52
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 92.244.115.140 (92-244-115-140.kievnet.com.ua): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 29 17:20:46.439853 2023] [security2:error] [pid 30881:tid 47517942826752] [client 92.244.115.140:2770] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bbpuertadelsol.com"] [uri "/.env"] [unique_id "ZWe5PkHFt1Sqd337SuguQgAAAUY"]
Brute-Force
Bad Web Bot
Web App Attack
unifr
2023-10-28 00:02:24
(1 year ago)
Unauthorized IMAP connection attempt
Brute-Force
ufn.edu.br
2023-10-02 14:46:09
(1 year ago)
[Mon Oct 02 11:46:07.178093 2023] [access_compat:error] [pid 16491] [client 92.244.115.140:5261] AH01797: client denied by server configuration: /var/www/html/shell4.php, referer: https://www.google.com
[Mon Oct 02 11:46:07.651766 2023] [access_compat:error] [pid 15468] [client 92.244.115.140:5266] AH01797: client denied by server configuration: /var/www/html/ups.php, referer: https://www.google.com
[Mon Oct 02 11:46:08.121195 2023] [access_compat:error] [pid 15469] [client 92.244.115.140:5273] AH01797: client denied by server configuration: /var/www/html/ru.php, referer: https://www.google.com
Exploited Host
Web App Attack
Anonymous
2023-10-02 12:58:11
(1 year ago)
Web Spam
Email Spam
Blog Spam
Bad Web Bot
Web App Attack
hermawan
2023-10-02 01:56:05
(1 year ago)
[Mon Oct 02 08:56:00.811475 2023] [security2:error] [pid 701673:tid 140594529687104] [client 92.244.115.140:10559] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1685"] [id "920300"] [msg "Request Missing an Accept Header"] [data "Matched Data: referer found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 request_line = GET /tttt.php HTTP/1.1"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/tttt.php"] [unique_id "ZRoi9JqWE7cEG4y_v42A9gAAAGc"], referer https://www.google.com [staklim-jatim.bmkg.go.id] [
Hacking
Web App Attack
hermawan
2023-09-17 11:00:37
(1 year ago)
[Sun Sep 17 18:00:34.625489 2023] [security2:error] [pid 50058:tid 139924422501952] [client 92.244.115.140:1975] [client 92.244.115.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1685"] [id "920300"] [msg "Request Missing an Accept Header"] [data "Matched Data: referer found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 request_line = GET /shell.php HTTP/1.1"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/shell.php"] [unique_id "ZQbcFpua9711KIWGaKTTSgAAAhA"], referer https://www.google.com [staklim-jatim.bmkg.go.id] [
Hacking
Web App Attack
Anonymous
2023-09-14 04:51:20
(1 year ago)
Web Spam
Email Spam
Blog Spam
Bad Web Bot
Web App Attack
ufn.edu.br
2023-09-14 03:53:23
(1 year ago)
[Thu Sep 14 00:53:21.564575 2023] [access_compat:error] [pid 30647] [client 92.244.115.140:10594] AH01797: client denied by server configuration: /var/www/html/shell4.php, referer: https://www.google.com
[Thu Sep 14 00:53:22.062201 2023] [access_compat:error] [pid 30650] [client 92.244.115.140:10616] AH01797: client denied by server configuration: /var/www/html/ups.php, referer: https://www.google.com
[Thu Sep 14 00:53:22.566928 2023] [access_compat:error] [pid 32314] [client 92.244.115.140:10645] AH01797: client denied by server configuration: /var/www/html/ru.php, referer: https://www.google.com
Exploited Host
Web App Attack
Anonymous
2023-08-30 08:57:08
(1 year ago)
Web Spam
Email Spam
Blog Spam
Bad Web Bot
Web App Attack