Kinsei Engineering Inc.
2024-09-10 21:25:43
(1 month ago)
UFW:High-frequency access to non-released ports used by software with known vulnerabilities.
Port Scan
TPI-Abuse
2024-09-10 16:38:18
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 93.113.207.168 (vps-84304.fhnet.fr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 12:38:12.510277 2024] [security2:error] [pid 15582:tid 15582] [client 93.113.207.168:57491] [client 93.113.207.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brownlegacy.org"] [uri "/.env"] [unique_id "ZuB19MM_3KAxzJexNIluZAAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
quicksand
2024-09-10 15:03:32
(1 month ago)
Malicious URI path [GET /.env] [Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0] **Reported from WAF sampled requests**
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-10 13:07:17
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 93.113.207.168 (vps-84304.fhnet.fr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 09:07:09.757183 2024] [security2:error] [pid 10082:tid 10082] [client 93.113.207.168:65232] [client 93.113.207.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "premiumenterprisessolution.com"] [uri "/.env"] [unique_id "ZuBEfUBqpAieghsbl2d05AAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-10 12:06:22
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 93.113.207.168 (vps-84304.fhnet.fr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 08:06:15.535695 2024] [security2:error] [pid 20845:tid 20845] [client 93.113.207.168:63755] [client 93.113.207.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thevenicecafe.com"] [uri "/.env"] [unique_id "ZuA2N7u1-OoWzLLPcH8_oAAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-10 10:32:54
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 93.113.207.168 (vps-84304.fhnet.fr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 06:32:46.517293 2024] [security2:error] [pid 24998:tid 24998] [client 93.113.207.168:53055] [client 93.113.207.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "picayunity.com"] [uri "/.env"] [unique_id "ZuAgTmumNZbCWcwcbauRlAAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-10 09:39:36
(1 month ago)
fail2ban apache-modsecurity [msg "Restricted access based on geolocation rules."] [uri "/.env"]
Web App Attack
TPI-Abuse
2024-09-10 08:03:34
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 93.113.207.168 (vps-84304.fhnet.fr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 04:03:26.053541 2024] [security2:error] [pid 32067:tid 32067] [client 93.113.207.168:53567] [client 93.113.207.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coconutpointlistings.com"] [uri "/.env"] [unique_id "Zt_9TlSMLBNP1qzSE11h1gAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
Epimetheus
2024-09-09 21:42:39
(1 month ago)
Unauthorized access attempts:
From: 93.113.207.168
Method: HTTP GET
URI Path: /.env
UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Web App Attack
axllent
2024-09-09 15:44:01
(1 month ago)
Scanning for exploits - /.env
Web App Attack
BlueWire Hosting
2024-09-09 14:10:04
(1 month ago)
Scanning for Laravel vulnerabilities
Web App Attack
Anonymous
2024-09-09 05:00:18
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Hydra-Shield.fr
2024-09-09 04:52:08
(1 month ago)
Directory Traversal on: /.env
Web App Attack
Anonymous
2024-09-09 02:57:33
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
TPI-Abuse
2024-09-08 22:58:23
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 93.113.207.168 (vps-84304.fhnet.fr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 18:58:15.657437 2024] [security2:error] [pid 26996:tid 26996] [client 93.113.207.168:62813] [client 93.113.207.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.timezonespro.com"] [uri "/.env"] [unique_id "Zt4sB6xZeLA88ST1gjhW4AAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack