sid3windr
2024-05-09 08:49:41
(4 months ago)
GET /.env (Tarpitted for 13h31m6s, wasted 2.78MB)
Web App Attack
ITShelter Security
2024-05-09 07:54:48
(4 months ago)
Restricted File Access Attempt
2024/05/09 10:54:48 +03:00 req: GET /.env HTTP/1.1, host: ***.p ... show more Restricted File Access Attempt
2024/05/09 10:54:48 +03:00 req: GET /.env HTTP/1.1, host: ***.pro show less
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-08 12:58:58
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 08 08:58:53.223132 2024] [security2:error] [pid 24666] [client 193.32.162.14:42230] [client 193.32.162.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cier.xyz"] [uri "/.env"] [unique_id "Zjt3DcyTxq-AzWLyPvuJfQAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
4server
2024-05-08 12:41:12
(4 months ago)
[WedMay0814:41:03.9148222024][security2:error][pid2950831:tid23287021127232][client193.32.162.14:0][ ... show more [WedMay0814:41:03.9148222024][security2:error][pid2950831:tid23287021127232][client193.32.162.14:0][client193.32.162.14]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"biling.maurokorangraf.ch\"][uri\"/.env\"][unique_id\"Zjty37UPHOXu2qCDLq-w2QAAAAM\"][WedMay0814:41:04.9841292024][security2:error][pid2950710:tid23287014823488][client193.32.162.14:0][client193.32.162.14]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.a show less
Port Scan
Brute-Force
Web App Attack
TPI-Abuse
2024-05-08 11:52:03
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 08 07:51:57.852670 2024] [security2:error] [pid 7532] [client 193.32.162.14:35486] [client 193.32.162.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.anus.net"] [uri "/.env"] [unique_id "ZjtnXTGIBaZerzexKtacxAAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
sid3windr
2024-04-13 00:10:14
(5 months ago)
GET /.env (Tarpitted for 15h22m51s, wasted 3.17MB)
Web App Attack
Hydra-Shield.fr
2024-04-12 05:30:48
(5 months ago)
Directory Traversal on: /.env
Web App Attack
Burayot
2024-04-12 04:50:03
(5 months ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 193.32.162.14 (RO/Romania/mail.subit ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 193.32.162.14 (RO/Romania/mail.subit.cc): 2 in the last 3600 secs show less
Web App Attack
Savvii
2024-04-11 23:48:33
(5 months ago)
20 attempts against mh-misbehave-ban on ec102950
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-04-11 20:31:01
(5 months ago)
118 requests to /.env
Brute-Force
Bad Web Bot
TPI-Abuse
2024-04-11 19:16:54
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 11 15:16:50.649720 2024] [security2:error] [pid 14372] [client 193.32.162.14:38280] [client 193.32.162.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fobochiru.com"] [uri "/.env"] [unique_id "Zhg3IoGM5il7hGtq2xIY4gAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-11 04:22:46
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 11 00:22:39.545638 2024] [security2:error] [pid 2576] [client 193.32.162.14:41452] [client 193.32.162.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "agrizel.com"] [uri "/.env"] [unique_id "Zhdlj8pAv-gNFozpHLX13wAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
ITShelter Security
2024-04-11 02:05:23
(5 months ago)
Restricted File Access Attempt
2024/04/11 05:05:23 +03:00 req: GET /.env HTTP/1.1, host: ***.p ... show more Restricted File Access Attempt
2024/04/11 05:05:23 +03:00 req: GET /.env HTTP/1.1, host: ***.pro
2024/04/11 05:05:24 +03:00 req: POST /core/.env HTTP/1.1, host: ***.pro show less
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-10 17:56:15
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 193.32.162.14 (mail.subit.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 10 13:56:07.365460 2024] [security2:error] [pid 1806378:tid 48007093475072] [client 193.32.162.14:50754] [client 193.32.162.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.178"] [uri "/.env"] [unique_id "ZhbSt2JfnkSgTfAtF6AIbgAAAdc"] show less
Brute-Force
Bad Web Bot
Web App Attack
sid3windr
2024-04-10 09:15:54
(5 months ago)
GET /.env (Tarpitted for 14m42s, wasted 51.8kB)
Web App Attack