lindi
|
|
trying to access .env file
...
|
Hacking
Web App Attack
|
|
fstap
|
|
"GET /.env HTTP/1.1"
|
Bad Web Bot
Web App Attack
|
|
Starburst SysOp Team
|
|
(mod_security-custom) mod_security (id:210492) triggered by 70.39.75.164 (US/United States/keok1.age ... show more(mod_security-custom) mod_security (id:210492) triggered by 70.39.75.164 (US/United States/keok1.agenciasego.com.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [Thu Nov 14 05:54:38.201895 2024] [:error] [pid 1384265:tid 1384332] [client 70.39.75.164:48290] [client 70.39.75.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "5.161.77.139"] [uri "/.env"] [unique_id "ZzWQnr4bPo1GsMKyqld8sgAAABc"] show less
|
Hacking
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in t ... show more(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 00:53:48.649418 2024] [security2:error] [pid 21296:tid 21374] [client 70.39.75.164:49208] [client 70.39.75.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.134"] [uri "/.env"] [unique_id "ZzWQbCHSbNpawRjjEKkrhAAAAkM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MPL
|
|
tcp/443 (2 or more attempts)
|
Port Scan
|
|
MPL
|
|
tcp/443 (10 or more attempts)
|
Port Scan
|
|
Anonymous
|
|
Unsolicited multiport scan
|
Port Scan
|
|
Anonymous
|
|
Nov 14 06:31:27 rendez-vous openvpn[1795]: 70.39.75.164:54742 Connection reset, restarting [0]
|
VPN IP
Port Scan
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in t ... show more(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 00:26:10.817508 2024] [security2:error] [pid 5041:tid 5041] [client 70.39.75.164:52188] [client 70.39.75.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.6"] [uri "/.env"] [unique_id "ZzWJ8p2wXqZPIF4tqwN6xgAAAAg"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Study Bitcoin 🤗
|
|
Port probe to tcp/443 (https)
[srv132]
|
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
|
|
gurnip
|
|
Vulnerability probe of page /.env, not found on server.
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in t ... show more(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 00:00:31.033249 2024] [security2:error] [pid 10198:tid 10198] [client 70.39.75.164:33916] [client 70.39.75.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.189"] [uri "/.env"] [unique_id "ZzWD71BOh0WEccrww7TikgAAAAI"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
sdos.es
|
|
"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in t ... show more(mod_security) mod_security (id:210492) triggered by 70.39.75.164 (keok1.agenciasego.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 23:36:56.723445 2024] [security2:error] [pid 6081:tid 6081] [client 70.39.75.164:40576] [client 70.39.75.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.220"] [uri "/.env"] [unique_id "ZzV-aDzVgqcsjZdEOgOr9AAAAAc"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
SilverZippo
|
|
Web App Attack
|
Web App Attack
|
|