Anonymous
|
|
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [uri "/.env" ... show morefail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [uri "/.env"] show less
|
Web App Attack
|
|
Anonymous
|
|
Web Attack ENV File Scanning Attempt
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 11:02:56.185434 2024] [security2:error] [pid 11787:tid 11787] [client 91.223.227.62:63307] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.242"] [uri "/.env"] [unique_id "ZyuTMCUmjw3VW7FqsSI9MgAAACo"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
kumiko
|
|
[2024-11-06 06:25:12] Probing for dotfiles
"GET /.env HTTP/1.1" 403
|
Bad Web Bot
Web App Attack
|
|
Ocean Ascents
|
|
Probe for vulnerabilities. Path attempted: /.env
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 04:59:19.084363 2024] [security2:error] [pid 3655508:tid 3655508] [client 91.223.227.62:62552] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.96"] [uri "/.env"] [unique_id "ZydJd-0ysIPMVaEhrq8b1gAAAAA"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
jcbriar
|
|
Searching for vulnerable scripts
|
Hacking
Web App Attack
|
|
MogBox
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (UA/Ukraine/-): 1 in the last 360 ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (UA/Ukraine/-): 1 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sun Nov 03 01:11:55.796608 2024] [security2:error] [pid 2527620:tid 2527672] [client 91.223.227.62:63770] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "67.225.186.60"] [uri "/.env"] [unique_id "ZycGGxCVXNoaqnrsdlpf5wAAAFQ"] show less
|
Hacking
|
|
noninjas.com
|
|
tcp/443: Probing on HTTPS for unsecured dotfiles "GET /.env"
|
Hacking
Brute-Force
|
|
TheMadBeaker
|
|
Fail2Ban Ban Triggered
HTTP Exploit Attempt
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 16:11:13.503351 2024] [security2:error] [pid 1375:tid 1375] [client 91.223.227.62:52457] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.27"] [uri "/.env"] [unique_id "ZyPkYQ6wotkZ4bdcssg6VAAAACE"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 03:13:43.984465 2024] [security2:error] [pid 15616:tid 15616] [client 91.223.227.62:54029] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.91"] [uri "/.env"] [unique_id "ZyMuJz_EJiOAnAJa4ZHTxgAAAAg"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
NXTwoThou
|
|
/.env
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 01:11:54.074990 2024] [security2:error] [pid 20614:tid 20614] [client 91.223.227.62:56983] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.62"] [uri "/.env"] [unique_id "ZyMRmgpVGj2Cdb9W8Iqh4QAAAAA"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210492) triggered by 91.223.227.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 00:45:32.236995 2024] [security2:error] [pid 10607:tid 10607] [client 91.223.227.62:64265] [client 91.223.227.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.230"] [uri "/.env"] [unique_id "ZyMLbFegMEwvvvl1OsxScAAAAAA"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|