Jim Keir
2024-08-08 09:42:44
(1 month ago)
2024-08-08 09:42:44 108.165.243.149 File scanning, blocking 108.165.243.149 for 5 minutes
Web App Attack
MAGIC
2024-08-06 00:04:31
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
URAN Publishing Service
2024-07-18 12:50:12
(2 months ago)
108.165.243.149 - - [18/Jul/2024:15:50:12 +0300] "GET /wp-includes/inputs.php HTTP/1.1" 404 279 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
Web App Attack
weblite
2024-07-18 10:57:52
(2 months ago)
WP_EXPLOIT_PROBE WP_MALWARE_PROBE
Hacking
Web App Attack
URAN Publishing Service
2024-07-17 23:17:26
(2 months ago)
108.165.243.149 - - [18/Jul/2024:02:17:26 +0300] "GET /wp-content/themes/inputs.php HTTP/1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36"
Web App Attack
hostseries
2024-07-17 17:32:19
(2 months ago)
Trigger: LF_MODSEC
Brute-Force
URAN Publishing Service
2024-07-17 12:00:14
(2 months ago)
108.165.243.149 - - [17/Jul/2024:15:00:13 +0300] "GET /wp-admin/codeboy1877_up.php HTTP/1.1" 404 275 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
Web App Attack
TPI-Abuse
2024-07-17 05:23:21
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 108.165.243.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 17 01:23:14.311038 2024] [security2:error] [pid 10982:tid 10995] [client 108.165.243.149:31381] [client 108.165.243.149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "strengthsmatter.com"] [uri "/wp-config.php"] [unique_id "ZpdVQhKR0phTHU598rpBjAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
strefapi_com
2024-07-16 21:22:21
(2 months ago)
Brute-force web
...
Hacking
Brute-Force
Web App Attack
URAN Publishing Service
2024-07-16 19:24:58
(2 months ago)
108.165.243.149 - - [16/Jul/2024:22:24:57 +0300] "GET /wp-content/updates.php HTTP/1.1" 404 277 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36"
Web App Attack
URAN Publishing Service
2024-07-15 21:15:56
(2 months ago)
108.165.243.149 - - [16/Jul/2024:00:15:54 +0300] "GET /cgi-bin/inputs.php HTTP/1.1" 404 436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"
108.165.243.149 - - [16/Jul/2024:00:15:55 +0300] "GET /wp-content/inputs.php HTTP/1.1" 404 273 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Web App Attack
TPI-Abuse
2024-07-15 03:10:23
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 108.165.243.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 14 23:10:16.308966 2024] [security2:error] [pid 32471] [client 108.165.243.149:20163] [client 108.165.243.149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "1005kixfm.com"] [uri "/wp-content/plugins/wp-config.php"] [unique_id "ZpSTGCaFhAXNjYtz27hnRwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-07-14 14:01:28
(2 months ago)
Multiple WAF Violations
Brute-Force
Web App Attack
Anonymous
2024-07-14 03:54:28
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mnsf
2024-07-13 18:06:09
(2 months ago)
Login Too Frequent (6)
Brute-Force
Web App Attack