essinghigh
|
|
1730559918 # Service_probe # SIGNATURE_SEND # source_ip:20.81.238.37 # dst_port:443
...
|
Port Scan
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 20.81.238.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 10:40:29.976496 2024] [security2:error] [pid 31104:tid 31104] [client 20.81.238.37:65465] [client 20.81.238.37] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.190"] [uri "/.env"] [unique_id "ZyY53YmgAw2dAxM5Yfp6ZwAAABg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 20.81.238.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 10:20:22.518325 2024] [security2:error] [pid 31659:tid 31659] [client 20.81.238.37:51627] [client 20.81.238.37] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.210"] [uri "/.env"] [unique_id "ZyY1Jn9kkvc8z_nySCcj5AAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
nv
|
|
20.81.238.37 - - [02/Nov/2024:14:59:05 +0100] "GET /.env HTTP/1.1" 400 248 "-" "python-requests/2.28.1"
|
Web App Attack
|
|
aks4226
|
|
Attacking common web applications. (n01)
|
Web App Attack
|
|
Starburst SysOp Team
|
|
(mod_security-custom) mod_security (id:210492) triggered by 20.81.238.37 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [Sat Nov 02 13:43:41.616838 2024] [:error] [pid 1272:tid 1323] [client 20.81.238.37:62493] [client 20.81.238.37] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "94.136.185.162"] [uri "/.env"] [unique_id "ZyYsjQUqm4hkw_1jhT4f3QAAAFQ"]
|
Hacking
|
|
Anonymous
|
|
20.81.238.37 - - [02/Nov/2024:13:38:41 +0000] "GET /.env HTTP/1.1" 400 264 "-" "python-requests/2.28.1"
...
|
Hacking
Web App Attack
|
|
Starburst SysOp Team
|
|
(mod_security-custom) mod_security (id:210492) triggered by 20.81.238.37 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [Sat Nov 02 11:36:14.107913 2024] [:error] [pid 1674550:tid 1674570] [client 20.81.238.37:56547] [client 20.81.238.37] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "5.161.253.58"] [uri "/.env"] [unique_id "ZyYOrs9tCwsIJE6cfobvogAAABA"]
|
Hacking
|
|
Little Iguana
|
|
Attempt to hack Wordpress Login, XMLRPC or other login
|
Hacking
|
|
Anonymous
|
|
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/.env"]
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 20.81.238.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 06:10:53.066614 2024] [security2:error] [pid 6965:tid 6965] [client 20.81.238.37:49259] [client 20.81.238.37] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.64"] [uri "/.env"] [unique_id "ZyX6rT-nZwF8_VeHPgdSWQAAABU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 20.81.238.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 05:52:49.077577 2024] [security2:error] [pid 16276:tid 16276] [client 20.81.238.37:54924] [client 20.81.238.37] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.117"] [uri "/.env"] [unique_id "ZyX2cUxJSgveQ78mLL1AlgAAAAY"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
SilverZippo
|
|
Web App Attack
|
Web App Attack
|
|
NXTwoThou
|
|
/.env
|
Web App Attack
|
|
sid3windr
|
|
GET /.env (Tarpitted for , wasted 0B)
|
Web App Attack
|
|