sid3windr
2025-01-16 14:48:15
(4 weeks ago)
GET /.env (Tarpitted for 1d15h8m28s, wasted 8.06MB)
Web App Attack
mr_whitehat
2025-01-16 00:34:18
(4 weeks ago)
Probed for vulnerable web application: request line: /.env (Possible exploit:Unprotected .env files)
Web App Attack
c y
2025-01-15 16:47:41
(1 month ago)
...
Web App Attack
Anonymous
2025-01-15 04:57:03
(1 month ago)
Fail2ban Nginx log integration.
Port Scan
Brute-Force
SSH
iplusv
2025-01-15 04:00:09
(1 month ago)
Automatic report from IV firewall log.
Port Scan
Hacking
Brute-Force
sdos.es
2025-01-15 03:23:06
(1 month ago)
"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"
Web App Attack
TPI-Abuse
2025-01-15 03:21:19
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 167.172.48.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 22:21:15.558276 2025] [security2:error] [pid 11787:tid 11787] [client 167.172.48.128:52304] [client 167.172.48.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.240"] [uri "/.env"] [unique_id "Z4cpq-wOln-n_D9LaRlBtgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-15 03:01:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 167.172.48.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 22:01:42.920430 2025] [security2:error] [pid 18170:tid 18170] [client 167.172.48.128:34016] [client 167.172.48.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.39"] [uri "/.env"] [unique_id "Z4clFjnN9QWQr-NYSf6XJAAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-15 02:28:56
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 167.172.48.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 21:28:53.880055 2025] [security2:error] [pid 30085:tid 30085] [client 167.172.48.128:46068] [client 167.172.48.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.245"] [uri "/.env"] [unique_id "Z4cdZWAXXo-WpTGGTS2T1wAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-15 02:11:33
(1 month ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET / HTTP/1.0
Hacking
Web App Attack
ParaBug
2025-01-15 02:02:56
(1 month ago)
167.172.48.128 - - [15/Jan/2025:03:02:55 +0100] "GET /.env HTTP/1.1" 403 2931 "-" "Mozilla/5.0 Keydrop"
Phishing
Brute-Force
Web App Attack
TPI-Abuse
2025-01-15 01:56:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 167.172.48.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 20:56:04.645251 2025] [security2:error] [pid 168056:tid 168056] [client 167.172.48.128:40644] [client 167.172.48.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.199"] [uri "/.env"] [unique_id "Z4cVtONqkaTlmlx3b97U5QAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-15 01:36:25
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 167.172.48.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 20:36:19.936720 2025] [security2:error] [pid 1332939:tid 1332939] [client 167.172.48.128:54926] [client 167.172.48.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.101"] [uri "/.env"] [unique_id "Z4cRE943c0aLshVhCzUpLgAAACk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-15 01:20:17
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 167.172.48.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 20:20:12.562656 2025] [security2:error] [pid 1223897:tid 1223897] [client 167.172.48.128:51256] [client 167.172.48.128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.158"] [uri "/.env"] [unique_id "Z4cNTJ94xsCd2z582H5bBAAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
dzpk
2025-01-15 01:02:27
(1 month ago)
167.172.48.128 - - [15/Jan/2025:02:02:27 +0100] "GET /.env HTTP/1.1" 400 248 "-" "Mozilla/5.0 Keydrop"
Web App Attack