TPI-Abuse
2024-11-05 12:24:09
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 07:24:05.944634 2024] [security2:error] [pid 904:tid 904] [client 64.52.80.84:54334] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "howtokeepgoodemployeescom.indie100.com"] [uri "/.env"] [unique_id "ZyoOZW3ktNyjegXsyh0cYgAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 11:59:18
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 06:59:12.117377 2024] [security2:error] [pid 28289:tid 28289] [client 64.52.80.84:44560] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "holesandcorners.com"] [uri "/.env"] [unique_id "ZyoIkIApFJyU71ELKy6yIwAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 11:33:12
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 06:33:09.103281 2024] [security2:error] [pid 27822:tid 27822] [client 64.52.80.84:41518] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "helstone.com"] [uri "/.env"] [unique_id "ZyoCdbO_N1ffeoNy9ZLlBwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 11:15:41
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 06:15:38.200733 2024] [security2:error] [pid 784629:tid 784629] [client 64.52.80.84:46414] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hawkhaus.com"] [uri "/.env"] [unique_id "Zyn-WtWkR1lExXLEgOeYWQAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 10:50:52
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 05:50:45.677132 2024] [security2:error] [pid 21102:tid 21102] [client 64.52.80.84:39802] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hamson.com"] [uri "/.env"] [unique_id "Zyn4hY2JsKyxjtjaDW5MVwAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 09:53:59
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 04:53:52.121192 2024] [security2:error] [pid 17349:tid 17349] [client 64.52.80.84:47838] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grandviewlabradorretrievers.com.grandvistalabs.com"] [uri "/.env"] [unique_id "ZynrMA3jDXX0RR9DrwpyaAAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
Roper123
2024-11-05 09:51:41
(2 months ago)
Web exploits
Web App Attack
TPI-Abuse
2024-11-05 09:37:10
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 04:37:04.119584 2024] [security2:error] [pid 16547:tid 16547] [client 64.52.80.84:53612] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "goodpage.com"] [uri "/.env"] [unique_id "ZynnQKer1ppZjJ9dBYQfTAAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-11-05 09:35:52
(2 months ago)
154 requests to *.env
Brute-Force
Bad Web Bot
ecodehost.com
2024-11-05 09:24:10
(2 months ago)
Domain : gnss.3dteknoloji.com.tr
Rule : env
2024-11-05 09:22:57 10.100.1.20 GET /.env - ... show more Domain : gnss.3dteknoloji.com.tr
Rule : env
2024-11-05 09:22:57 10.100.1.20 GET /.env - 443 - 64.52.80.84 HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 - gnss.3dteknoloji.com.tr 404 0 0 1836 241 1890 - - show less
Hacking
SQL Injection
TPI-Abuse
2024-11-05 09:19:13
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 04:19:06.319375 2024] [security2:error] [pid 9808:tid 9808] [client 64.52.80.84:40176] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globalweb123.com"] [uri "/.env"] [unique_id "ZynjCod5M2v-vt5D8wG0hwAAAB4"] show less
Brute-Force
Bad Web Bot
Web App Attack
advena
2024-11-05 09:00:55
(2 months ago)
64.52.80.84 (AS399629 BLNWX) was intercepted at 2024-11-05T08:45:57Z after violating WAF directive: ... show more 64.52.80.84 (AS399629 BLNWX) was intercepted at 2024-11-05T08:45:57Z after violating WAF directive: 23548ee2b36547a1be09bb2c0550c529. Pre-cautionary/corrective action applied: block. show less
Web Spam
Hacking
Brute-Force
Web App Attack
quicksand
2024-11-05 08:53:07
(2 months ago)
Malicious URI path [GET /.env] [Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Geck ... show more Malicious URI path [GET /.env] [Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36] show less
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 08:43:56
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 64.52.80.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 03:43:48.662063 2024] [security2:error] [pid 14507:tid 14507] [client 64.52.80.84:54326] [client 64.52.80.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gestionimmobiliereadstock.com"] [uri "/.env"] [unique_id "ZynaxLLJVMltE8s9iEAcHAAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
FeG Deutschland
2024-11-05 08:43:02
(2 months ago)
Looking for CMS/PHP/SQL vulnerablilities - 13
Exploited Host
Web App Attack