cmbplf
2024-07-13 15:22:56
(2 months ago)
280 requests to */.well-known/pki-validation/*.php
Brute-Force
Bad Web Bot
BlueWire Hosting
2024-07-13 04:10:09
(2 months ago)
Probing for Wordpress vulnerabilities
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-12 21:17:07
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 108.165.243.149 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 108.165.243.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 17:17:03.440912 2024] [security2:error] [pid 6593] [client 108.165.243.149:7155] [client 108.165.243.149] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||natickvillagerentals.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "natickvillagerentals.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZpGdT6OyQ9N3nc_91zwdWwAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-12 02:56:36
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 108.165.243.149 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 108.165.243.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 11 22:56:30.734257 2024] [security2:error] [pid 25182] [client 108.165.243.149:22683] [client 108.165.243.149] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 108.165.243.149 (+1 hits since last alert)|thenursingsite.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thenursingsite.com"] [uri "/xmlrpc.php"] [unique_id "ZpCbXjQmr30sMFl8TJWougAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-07-11 13:07:17
(3 months ago)
Scanning/Probing (141)
Request Overload (1772)
Brute-Force
Web App Attack
iNetWorker
2024-07-09 23:21:06
(3 months ago)
trolling for resource vulnerabilities
Web App Attack
Anonymous
2024-07-08 03:13:14
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-06-30 11:36:40
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-06-29 06:24:51
(3 months ago)
Ports: 20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096, ... show more Ports: 20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,3306,2195; Direction: 0; Trigger: LF_CUSTOMTRIGGER show less
Brute-Force
SSH
10dencehispahard SL
2024-06-28 23:00:34
(3 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
mnsf
2024-05-27 00:01:06
(4 months ago)
Login Too Frequent (7)
Brute-Force
Web App Attack
Anonymous
2024-05-26 01:03:38
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Hirte
2024-05-03 21:42:38
(5 months ago)
MYH: Web Attack GET /wp-content/plugins/core-plugin/nxd.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-05-03 19:05:01
(5 months ago)
108.165.243.149 - - [03/May/2024:22:03:29 +0300] "GET /wp-content/plugins/core-plugin/nxd.php HTTP/1 ... show more 108.165.243.149 - - [03/May/2024:22:03:29 +0300] "GET /wp-content/plugins/core-plugin/nxd.php HTTP/1.1" 404 280 "-" "Go-http-client/1.1"
108.165.243.149 - - [03/May/2024:22:04:52 +0300] "GET /wp-includes/ID3/about.php HTTP/1.1" 404 280 "-" "Go-http-client/1.1"
... show less
Web App Attack
speedtaq.com
2024-05-03 17:58:42
(5 months ago)
108.165.243.149 - - [03/May/2024:19:58:41 +0200] "GET /class.api.php HTTP/1.1" 301 441 "-" "Go-http- ... show more 108.165.243.149 - - [03/May/2024:19:58:41 +0200] "GET /class.api.php HTTP/1.1" 301 441 "-" "Go-http-client/1.1" show less
Bad Web Bot