Anonymous
2024-08-08 06:50:33
(2 months ago)
Bot / scanning and/or hacking attempts: GET /wp-admin/css/colors/blue/blue.php HTTP/1.1, GET /wp-con ... show more Bot / scanning and/or hacking attempts: GET /wp-admin/css/colors/blue/blue.php HTTP/1.1, GET /wp-content/plugins/Cache/dropdown.php HTTP/1.1, GET /mah.php HTTP/1.1, GET /indoxploit.php HTTP/1.1, GET /wp-content/mah.php HTTP/1.1, GET /Marvins.php HTTP/1.1, GET /classsmtps.php HTTP/1.1, GET /wp-admin/shapes.php HTTP/1.1, GET /content.php HTTP/1.1, GET /wso.php HTTP/1.1, GET /wp-content/updates.php HTTP/1.1, GET /XxX.php HTTP/1.1, GET /templates/beez3/index.php HTTP/1.1, GET /upload.php HTTP/1.1, GET /ee.php HTTP/1.1, GET /shell.php HTTP/1.1, GET /olux.php HTTP/1.1, GET /wp-includes/css/modules.php HTTP/1.1, GET /uploader.php HTTP/1.1 show less
Hacking
Web App Attack
TPI-Abuse
2024-08-08 04:44:33
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 00:44:29.757519 2024] [security2:error] [pid 18916:tid 18916] [client 109.123.237.16:63068] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "totalstorage.solutions"] [uri "/wp-config.php"] [unique_id "ZrRNLQF7m82CUnG56F_LUgAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-08 04:18:13
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 00:18:07.090930 2024] [security2:error] [pid 2757:tid 2757] [client 109.123.237.16:53433] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "secondskinagency.com"] [uri "/wp-config.php"] [unique_id "ZrRG_4LxAtzcG2YAipcglAAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
conseilgouz
2024-08-08 03:38:57
(2 months ago)
sae-0 : Trying access unauthorized files=>/wp-content/plugins/Cache/dropdown.php()
Hacking
TPI-Abuse
2024-08-08 03:34:41
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 23:34:35.376984 2024] [security2:error] [pid 32090:tid 32090] [client 109.123.237.16:64571] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stragar.com"] [uri "/wp-config.php"] [unique_id "ZrQ8yxFG2L12fj_1zxtQZgAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-08 03:16:45
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 23:16:41.924644 2024] [security2:error] [pid 24006:tid 24006] [client 109.123.237.16:55904] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rjabramsonfoundation.org"] [uri "/wp-config.php"] [unique_id "ZrQ4mbWolhlmlz3CXrFKPgAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Aetherweb Ark
2024-08-08 01:48:08
(2 months ago)
(mod_security) mod_security (id:950130) triggered by 109.123.237.16 (SG/Singapore/vmi2060833.contabo ... show more (mod_security) mod_security (id:950130) triggered by 109.123.237.16 (SG/Singapore/vmi2060833.contaboserver.net): N in the last X secs show less
Web App Attack
TPI-Abuse
2024-08-07 23:43:51
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 19:43:45.207459 2024] [security2:error] [pid 22608:tid 22608] [client 109.123.237.16:62380] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ryanc.net"] [uri "/wp-config.php"] [unique_id "ZrQGsW49fmbBnQD7OvZAWAAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-07 23:23:58
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 19:23:52.482057 2024] [security2:error] [pid 4460:tid 4460] [client 109.123.237.16:59174] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shirleyconcrete.com"] [uri "/wp-config.php"] [unique_id "ZrQCCGNs5UBrAgzEqG3ViAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-07 22:30:41
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 18:30:36.833532 2024] [security2:error] [pid 11947:tid 11947] [client 109.123.237.16:54053] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tallersprats.com"] [uri "/wp-config.php"] [unique_id "ZrP1jGYbVB4UE6B10UmW_gAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-07 22:04:09
(2 months ago)
109.123.237.16 - - [08/Aug/2024:00:03:45 +0200] "GET /wp-login.php HTTP/1.1" 302 658 "-" "Mozilla/5. ... show more 109.123.237.16 - - [08/Aug/2024:00:03:45 +0200] "GET /wp-login.php HTTP/1.1" 302 658 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
109.123.237.16 - - [08/Aug/2024:00:03:48 +0200] "GET /images/wp-login.php HTTP/1.1" 302 677 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
109.123.237.16 - - [08/Aug/2024:00:03:57 +0200] "GET /wp-includes/ID3/wp-login.php HTTP/1.1" 302 658 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
109.123.237.16 - - [08/Aug/2024:00:03:59 +0200] "GET /wp-includes/wp-login.php HTTP/1.1" 302 658 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
109.123.237.16 - - [08/Aug/2024:00:04:03 +0200] "GET /wp-admin/network/wp-login.php HTTP/1.1" 302 658 "-" "Mozilla/5.0 (Windows NT 6.3; Win64;
... show less
Brute-Force
TPI-Abuse
2024-08-07 21:33:49
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 17:33:43.942775 2024] [security2:error] [pid 15342:tid 15342] [client 109.123.237.16:57104] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yeswedeliver.org"] [uri "/wp-config.php"] [unique_id "ZrPoN416k1KHZ0Vla4YPvAAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
Apache
2024-08-07 03:07:02
(2 months ago)
(mod_security) mod_security (id:20000010) triggered by 109.123.237.16 (SG/Singapore/vmi2060833.conta ... show more (mod_security) mod_security (id:20000010) triggered by 109.123.237.16 (SG/Singapore/vmi2060833.contaboserver.net): 5 in the last 300 secs show less
Brute-Force
Web App Attack
TPI-Abuse
2024-08-06 11:22:22
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 06 07:22:16.524996 2024] [security2:error] [pid 32656:tid 32656] [client 109.123.237.16:59304] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bilimkurgumanyagi.com"] [uri "/wp-config.php"] [unique_id "ZrIHaF3jkxSamDNIw6tQAgAAAB4"] show less
Brute-Force
Bad Web Bot
Web App Attack
zynex
2024-08-06 06:01:41
(2 months ago)
URL Probing: /wp-content/plugins/inputs.php
Web App Attack