Anonymous
|
|
[13/Aug/2024:10:07:22 -0400] - [13/Aug/2024:10:07:54 -0400] .env probe script
|
Hacking
|
|
Anonymous
|
|
[12/Aug/2024:06:07:24 -0400] - [12/Aug/2024:19:03:14 -0400] .env probe script
|
Hacking
|
|
simpeg-adm.bandung.go.id
|
|
35.95.10.172 - - [13/Aug/2024:09:34:40 +0000] "GET /.env HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
35.95.10.172 - - [13/Aug/2024:09:34:40 +0000] "GET /conf/.env HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
35.95.10.172 - - [13/Aug/2024:09:34:41 +0000] "GET /wp-content/.env HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
35.95.10.172 - - [13/Aug/2024:09:34:42 +0000] "GET /wp-admin/.env HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
35.95.10.172 - - [13/Aug/2024:09:34:42 +0000] "GET /library/.env HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
35.95.10.172 - - [13/Aug/2024:09:34:43 +0000] "
|
Web Spam
Brute-Force
Web App Attack
|
|
gurnip
|
|
Vulnerability probe of page /.env, not found on server.
|
Brute-Force
Web App Attack
|
|
someone
|
|
*:80 35.95.10.172 - - [13/Aug/2024:06:25:56 +0200] "GET /.env HTTP/1.1" 301 477 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36"
|
Web App Attack
|
|
rshict
|
|
Hacking, Brute-Force, Web App Attack
|
Hacking
Brute-Force
Web App Attack
|
|
COMAITE
|
|
Multiple web server 400 error codes from same source ip 35.95.10.172.
|
Web App Attack
|
|
Starburst SysOp Team
|
|
[Mon Aug 12 08:46:38.567805 2024] [:error] [pid 3316380:tid 3316424] [client 35.95.10.172:59346] [client 35.95.10.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "-"] [uri "/.env"] [unique_id "ZrnL7kHzUYAXJ56FpvXqGQAAABA"]
|
Hacking
Brute-Force
Web App Attack
|
|
Anonymous
|
|
Probing to gain illegal access
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.95.10.172 (ec2-35-95-10-172.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 19:45:26.255585 2024] [security2:error] [pid 1517085:tid 1517085] [client 35.95.10.172:63262] [client 35.95.10.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.70"] [uri "/.env"] [unique_id "ZrlNFpWoXrD0H4m7aUCzPAAAAAA"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.95.10.172 (ec2-35-95-10-172.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 18:14:26.609015 2024] [security2:error] [pid 32055:tid 32055] [client 35.95.10.172:54108] [client 35.95.10.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.120"] [uri "/.env"] [unique_id "Zrk3wn6nxN51fg6m4rM6TwAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MogBox
|
|
(mod_security) mod_security (id:210492) triggered by 35.95.10.172 (US/United States/ec2-35-95-10-172.us-west-2.compute.amazonaws.com): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sun Aug 11 17:48:10.074364 2024] [security2:error] [pid 1034032:tid 1034087] [client 35.95.10.172:55038] [client 35.95.10.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "67.225.186.60"] [uri "/.env"] [unique_id "Zrkxmu9HLAKSrm88v_GucwAAAFc"]
|
Hacking
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 35.95.10.172 (ec2-35-95-10-172.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 17:42:53.909540 2024] [security2:error] [pid 6682:tid 6697] [client 35.95.10.172:65385] [client 35.95.10.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.128"] [uri "/.env"] [unique_id "ZrkwXY0i_G6bz9nKWawuOgAAAI0"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
B: f2b 404 5x
|
Web App Attack
|
|
Savvii
|
|
20 attempts against mh-misbehave-ban on hail
|
Brute-Force
Bad Web Bot
Web App Attack
|
|