TPI-Abuse
2024-07-23 23:55:38
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 165.1.77.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 19:55:31.530436 2024] [security2:error] [pid 17532:tid 17532] [client 165.1.77.242:56838] [client 165.1.77.242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alwaysatyourservice.net"] [uri "/.env"] [unique_id "ZqBC8-QztnuB5Jm1gEzCsQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
polycoda
2024-07-23 23:35:00
(1 month ago)
Requests .env files:
[23/Jul/2024:18:47:16 -0400] "GET /.env HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
[23/Jul/2024:18:47:17 -0400] "GET /sendgrid/.env HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
[23/Jul/2024:18:47:18 -0400] "GET /.env HTTP/1.1" 404 - "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
[23/Jul/2024:18:47:16 -0400] "GET /.env HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
[23/Jul/2024:18:47:17 -0400] "GET /sendgrid/.env HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Web App Attack
TPI-Abuse
2024-07-23 23:00:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 165.1.77.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 19:00:28.476249 2024] [security2:error] [pid 30504:tid 30504] [client 165.1.77.242:63708] [client 165.1.77.242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "studioarts.net"] [uri "/.env"] [unique_id "ZqA2DO6N-ISjbCWt6g_z4gAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
Hydra-Shield.fr
2024-07-23 22:58:13
(1 month ago)
Directory Traversal on: /.env
Web App Attack
TPI-Abuse
2024-07-23 22:44:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 165.1.77.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 18:44:31.547165 2024] [security2:error] [pid 8261:tid 8261] [client 165.1.77.242:54839] [client 165.1.77.242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keywestmusic.net"] [uri "/.env"] [unique_id "ZqAyT-Dq3qk-vqXmHU92eAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
✨
2024-07-23 21:51:01
(1 month ago)
Domain : todoparatuboda.net
Rule : env
2024-07-23 21:50:31 ***hidden-privacy*** GET /.env - 80 - 172.69.23.7 HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 - todoparatuboda.net 200 0 0 10784 416 3234 - 165.1.77.242
Hacking
SQL Injection
Swiptly
2024-07-23 21:45:52
(1 month ago)
Multiple critical ModSecurity events
...
Web Spam
Bad Web Bot
TPI-Abuse
2024-07-23 21:43:42
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 165.1.77.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 17:43:36.909964 2024] [security2:error] [pid 21259:tid 21259] [client 165.1.77.242:55898] [client 165.1.77.242] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hypinc.net"] [uri "/.env"] [unique_id "ZqAkCAkfYwMJXfkrP2uwhgAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
Axel
2024-07-23 21:22:01
(1 month ago)
Access to sensitive file detected: 165.1.77.242 - - [23/Jul/2024:21:21:29 +0000] "GET /.env HTTP/1.0" 403 1597 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Brute-Force
SSH
ISPLtd
2024-07-23 21:18:27
(1 month ago)
165.1.77.242 - - [23/Jul/2024:18:18:27 -0300] "GET /.env
165.1.77.242 - - [23/Jul/2024:18:18:27 -0300] "POST /
...
Hacking
Web App Attack
Bedios GmbH
2024-07-23 21:01:50
(1 month ago)
Login credentials theft attempt
Hacking
Major Hostility
2024-07-23 17:44:25
(1 month ago)
"GET /.env HTTP/1.1" 404
"GET /sendgrid/.env HTTP/1.1" 404
Web App Attack
syokadmin
2024-07-23 17:36:21
(1 month ago)
(mod_security) mod_security (id:77316757) triggered by 165.1.77.242 (US/United States/-): 1 in the last 3600 secs
Brute-Force
✨
2024-07-23 16:39:01
(1 month ago)
Domain : mitiendaonline.net
Rule : env
2024-07-23 16:38:36 ***hidden-privacy*** GET /.env - 80 - 172.69.23.87 HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 - mitiendaonline.net 200 0 0 10784 416 334 - 165.1.77.242
Hacking
SQL Injection
ISPLtd
2024-07-23 16:35:48
(1 month ago)
165.1.77.242 - - [23/Jul/2024:10:35:47 -0600] "GET /.env
...
Hacking
Web App Attack