rshict
2025-01-28 10:11:46
(3 weeks ago)
Hacking
Brute-Force
Web App Attack
Anonymous
2025-01-16 11:51:02
(1 month ago)
[15/Jan/2025:05:09:04 -0500] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 Keydrop\"
[15/Jan/2025:05:09:05 -0500] \"GET / HTTP/1.0\" Blank UA
Hacking
BSG Webmaster
2025-01-16 08:35:06
(1 month ago)
Port scanning (Port 443)
Port Scan
Hacking
Anonymous
2025-01-15 10:52:15
(1 month ago)
Reported from Nginx log analysis 6. Log: 138.68.135.144 - - [15/Jan/2025:xx:xx:xx 0100] "GET /.env HTTP/1.1" xxx xxx "-" "Mozilla/5.0 Keydrop" "-" "GB United Kingdom Slough" "AS14061" "DIGITALOCEAN-ASN" | 138.68.135.144 - - [15/Jan/2025:xx:xx:xx 0100] "GET /.env HTTP/1.1" xxx xxx "-" "Mozilla/5.0 Keydrop" "-" "GB United Kingdom Slough" "AS14061" "DIGITALOCEAN-ASN"
Port Scan
Brute-Force
SSH
kosada.com
2025-01-15 09:57:51
(1 month ago)
Web vulnerability probing
Web App Attack
TPI-Abuse
2025-01-15 09:48:10
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 138.68.135.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 04:48:05.289540 2025] [security2:error] [pid 3702:tid 3702] [client 138.68.135.144:54428] [client 138.68.135.144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.206"] [uri "/.env"] [unique_id "Z4eEVQmKt4UxBZ1G6PFG6AAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
jk jk
2025-01-15 09:46:41
(1 month ago)
GoPot Honeypot 1
Hacking
Web App Attack
Anonymous
2025-01-15 09:46:33
(1 month ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET / HTTP/1.0
Hacking
Web App Attack
TPI-Abuse
2025-01-15 09:20:39
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 138.68.135.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 04:20:33.675668 2025] [security2:error] [pid 23236:tid 23236] [client 138.68.135.144:51408] [client 138.68.135.144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.175"] [uri "/.env"] [unique_id "Z4d94ZHsROQp-WIXVoSVWAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-15 09:02:07
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 138.68.135.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 04:02:00.833915 2025] [security2:error] [pid 139381:tid 139381] [client 138.68.135.144:37640] [client 138.68.135.144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.62"] [uri "/.env"] [unique_id "Z4d5iIjUXfHTq41lojp6yAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
kumiko
2025-01-15 09:00:39
(1 month ago)
[2025-01-15 09:00:38] Probing for dotfiles
"GET /.env HTTP/1.1" 403
Bad Web Bot
Web App Attack
Anonymous
2025-01-15 08:54:43
(1 month ago)
On 2025-01-15T08:54:43Z UTC, IP 138.68.135.144 made multiple unsuccessful attempts to connect to port(s) 443. Response: deny. Classified under categories: 21.
Web App Attack
ifiguero
2025-01-15 08:51:31
(1 month ago)
Web Attack (\x00\x00\x00\x00\x00). 7d ban
Web App Attack
pa4080
2025-01-15 08:26:22
(1 month ago)
Detected by ModSecurity. Request URI: /.env
Web App Attack
TPI-Abuse
2025-01-15 08:20:07
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 138.68.135.144 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 03:20:00.791796 2025] [security2:error] [pid 619716:tid 619716] [client 138.68.135.144:58510] [client 138.68.135.144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.176"] [uri "/.env"] [unique_id "Z4dvsN_U7aFe247ChL00gwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack