JPPO
|
|
4 hits : GET /.env or GET //.env with or without prefix
|
Web App Attack
|
|
JCB
|
|
64.95.11.36 - - [05/Nov/2024:14:42:11 +0200] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
|
Hacking
Web App Attack
|
|
BlueWire Hosting
|
|
Scanning for Laravel vulnerabilities
|
Web App Attack
|
|
Anonymous
|
|
Fuzzing/Looking for credentials files.
|
Brute-Force
Web App Attack
|
|
mga.icgbio.ru
|
|
64.95.11.36 - - [05/Nov/2024:20:05:29 +0700] "GET /.env HTTP/1.1" 404 69 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
64.95.11.36 - - [05/Nov/2024:20:05:29 +0700] "GET /.env HTTP/1.1" 404 69 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
64.95.11.36 - - [05/Nov/2024:20:05:29 +0700] "GET /.env HTTP/1.1" 404 69 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
|
Web App Attack
|
|
Mr-Money
|
|
64.95.11.36 - - [05/Nov/2024:13:59:22 +0100] "GET /.env HTTP/1.1" 404 5865 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
|
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 07:48:51.130827 2024] [security2:error] [pid 17087:tid 17087] [client 64.95.11.36:48278] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "perlcreativedesign.com"] [uri "/.env"] [unique_id "ZyoUM5DtOTh60k_TgWiUPwAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 07:27:11.647960 2024] [security2:error] [pid 12248:tid 12248] [client 64.95.11.36:57534] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "p-co.com"] [uri "/.env"] [unique_id "ZyoPHyOG76MzrZ8CebshbwAAAAc"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
mawan
|
|
Suspected of having performed illicit activity on LAX server.
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 07:01:54.817997 2024] [security2:error] [pid 27827:tid 27827] [client 64.95.11.36:49584] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pasdesinfos.com"] [uri "/.env"] [unique_id "ZyoJMgY7kFV0LMATT0YOOgAAABM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 06:44:23.362932 2024] [security2:error] [pid 20539:tid 20539] [client 64.95.11.36:57996] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paragontechusa.com"] [uri "/.env"] [unique_id "ZyoFF06K_HblbKGotBwQQgAAAAA"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 06:26:14.667768 2024] [security2:error] [pid 4371:tid 4371] [client 64.95.11.36:39444] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paguilar.com"] [uri "/.env"] [unique_id "ZyoA1ssC7NRt0T4qzR4v2wAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
someone
|
|
*:443 64.95.11.36 - - [05/Nov/2024:12:15:54 +0100] "GET /.env HTTP/1.1" 404 7173 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
|
Web App Attack
|
|
sefinek.net
|
|
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
ASN: 399629 (BLNWX)
Protocol: HTTP/1.1 (method POST)
Domain: ny01-cf-mirror.sefinek.net
Endpoint: /
Timestamp: 2024-11-05T09:19:06Z
Ray ID: 8ddbc2a0cae44629
Rule ID: cc5e7a6277d447eca9c1818934ba65c8
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
Report generated by Node-Cloudflare-WAF-AbuseIPDB https://github.com/sefinek/Node-Cloudflare-WAF-AbuseIPDB
|
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 64.95.11.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 05:45:45.548396 2024] [security2:error] [pid 1937:tid 2000] [client 64.95.11.36:45112] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "orthopedica.org"] [uri "/.env"] [unique_id "Zyn3Wa_peM5Cha5_5a6M8wAAAdg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|