Anonymous
2024-12-14 00:50:12
(1 month ago)
Infected user bad webscan
Exploited Host
el-brujo
2024-12-13 19:44:55
(1 month ago)
13/Dec/2024:20:44:54.983855 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 181.214.164.42] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "www.hostench.eu"] [uri "/.env"] [unique_id "Z1yOtlTANtBZ0SlqSpoJGwADnEk"]
Hacking
Web App Attack
TPI-Abuse
2024-12-13 19:36:22
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 181.214.164.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 14:36:17.864223 2024] [security2:error] [pid 8830:tid 8830] [client 181.214.164.42:62019] [client 181.214.164.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.casamoresc.it"] [uri "/.env"] [unique_id "Z1yMsfkO-mXhE7Acn7ok1gAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-13 18:59:02
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 181.214.164.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 13:58:56.372410 2024] [security2:error] [pid 3776703:tid 3776703] [client 181.214.164.42:52273] [client 181.214.164.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "igolfallday.com"] [uri "/.env"] [unique_id "Z1yD8D-IXpPqxhCwLWvLcgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
rafled
2024-12-13 18:45:22
(1 month ago)
attempt to scan and scrape for env files and/or files that expose the web app version
Bad Web Bot
conseilgouz
2024-12-13 18:34:04
(1 month ago)
are-17 : Block hidden directories=>/.env(/)
Hacking
Tripwire
2024-12-13 17:56:47
(1 month ago)
Scanning for exploits - /.env
Web App Attack
Buster
2024-12-13 16:55:00
(1 month ago)
Repeated script kiddie mass attack attempts from Perm Blocked ASN and country
DDoS Attack
Open Proxy
Hacking
Web App Attack
TPI-Abuse
2024-12-13 16:41:21
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 181.214.164.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 11:41:18.836519 2024] [security2:error] [pid 18980:tid 18980] [client 181.214.164.42:55462] [client 181.214.164.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "progresstraining.info"] [uri "/.env"] [unique_id "Z1xjrqqosWJd5Oc4J8thPgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-13 15:37:33
(1 month ago)
Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1
Hacking
Web App Attack
TPI-Abuse
2024-12-13 13:38:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 181.214.164.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 08:38:04.660117 2024] [security2:error] [pid 19420:tid 19420] [client 181.214.164.42:55990] [client 181.214.164.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.coconutpointlistings.com"] [uri "/.env"] [unique_id "Z1w4vFbDQ3FiQTsO07ZNWAAAACc"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-12-13 13:27:47
(1 month ago)
3.331 requests to *.env
Brute-Force
Bad Web Bot
lindi
2024-12-13 13:04:19
(1 month ago)
trying to access .env file
...
Hacking
Web App Attack
TPI-Abuse
2024-12-13 12:31:15
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 181.214.164.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 07:31:10.816414 2024] [security2:error] [pid 14604:tid 14604] [client 181.214.164.42:55986] [client 181.214.164.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "personalcareattendants.com"] [uri "/.env"] [unique_id "Z1wpDvwouiULnUsWOLkQVwAAABs"]
Brute-Force
Bad Web Bot
Web App Attack
jcbriar
2024-12-13 12:10:39
(1 month ago)
Searching for vulnerable scripts
Hacking
Web App Attack