TPI-Abuse
2024-08-05 21:37:58
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 17:37:51.313620 2024] [security2:error] [pid 29893:tid 29893] [client 109.123.237.16:57275] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lertap5.com"] [uri "/wp-config.php"] [unique_id "ZrFGLx63eUFmV0bG1HlIpQAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-05 20:31:25
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 16:31:20.930270 2024] [security2:error] [pid 5704:tid 5704] [client 109.123.237.16:58596] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barbaralynnc.com"] [uri "/wp-config.php"] [unique_id "ZrE2mHV4nUVbizUIp_TN8QAAABs"] show less
Brute-Force
Bad Web Bot
Web App Attack
4server
2024-08-05 15:33:16
(2 months ago)
[MonAug0517:31:34.1797412024][security2:error][pid3095999:tid3096158][client109.123.237.16:0][client ... show more [MonAug0517:31:34.1797412024][security2:error][pid3095999:tid3096158][client109.123.237.16:0][client109.123.237.16]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp-content/uploads/.\*\\\\\\\\.ph\(\?:p\|tml\|t\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"5056\"][id\"382238\"][rev\"2\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:PHPfileexecutioninuploadsdirectorydenied\"][data\"wp-content/uploads/inputs.php\"][severity\"CRITICAL\"][hostname\"whatsdecor.comarcosa.com\"][uri\"/wp-content/uploads/inputs.php\"][unique_id\"ZrDwVuPvc2gYLONDp4EmKAAAANc\"][MonAug0517:32:45.1702312024][security2:error][pid3095922:tid3096031][client109.123.237.16:0][client109.123.237.16]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\.bak\|\\\\\\\\.bak\\\\\\\\.php\)\$\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1160\"][id\"390582\"][rev\"2\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoacce show less
Blog Spam
Major Hostility
2024-08-05 03:17:24
(2 months ago)
"GET /radio.php HTTP/1.1" 404
"GET /cgi-bin/inputs.php HTTP/1.1" 404
"GET /wp-content/in ... show more "GET /radio.php HTTP/1.1" 404
"GET /cgi-bin/inputs.php HTTP/1.1" 404
"GET /wp-content/inputs.php HTTP/1.1" 404
"GET /wp-content/themes/inputs.php HTTP/1.1" 404
"GET /.well-known/acme-challenge/inputs.php HTTP/1.1" 404
"GET /images/inputs.php HTTP/1.1" 404
"GET /inputs.php HTTP/1.1" 404
"GET /wp-includes/inputs.php HTTP/1.1" 404
"GET /wp-content/uploads/inputs.php HTTP/1.1" 404
"GET /wp-content/plugins/inputs.php HTTP/1.1" 404
"GET /wp-admin/inputs.php HTTP/1.1" 404
"GET /options-head.php HTTP/1.1" 404
"GET /classsmtps.php HTTP/1.1" 404
"GET /ms-themes.php HTTP/1.1" 404
"GET /delpaths.php HTTP/1.1" 404
"GET /edit-form-comment.php HTTP/1.1" 404
"GET /copypaths.php HTTP/1.1" 404 show less
Web App Attack
Anonymous
2024-08-04 23:47:53
(2 months ago)
wordpress-trap
Web App Attack
hostseries
2024-08-04 21:17:21
(2 months ago)
Trigger: LF_MODSEC
Brute-Force
Anonymous
2024-08-04 18:10:36
(2 months ago)
Fail2Ban apache-noscript
Bad Web Bot
Anonymous
2024-08-04 13:20:52
(2 months ago)
(mod_security) mod_security triggered on hostname [redacted] 109.123.237.16 (SG/Singapore/vmi2060833 ... show more (mod_security) mod_security triggered on hostname [redacted] 109.123.237.16 (SG/Singapore/vmi2060833.contaboserver.net) show less
SQL Injection
TPI-Abuse
2024-08-04 11:59:10
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 04 07:59:04.577407 2024] [security2:error] [pid 28157:tid 28182] [client 109.123.237.16:62201] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mjkotob.com"] [uri "/wp-config.php"] [unique_id "Zq9tCPBr22zsjQU7zMvvewAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-03 20:34:19
(2 months ago)
wordpress-trap
Web App Attack
Anonymous
2024-08-03 17:39:53
(2 months ago)
wordpress-trap
Web App Attack
TPI-Abuse
2024-08-03 17:03:33
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 13:03:28.753276 2024] [security2:error] [pid 381795:tid 381795] [client 109.123.237.16:51914] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.roselockecasting.com"] [uri "/wp-config.php"] [unique_id "Zq5i4JlU_XwJ5Qydep7oWQAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-03 10:14:57
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_APACHE_403
Brute-Force
SSH
Anonymous
2024-08-03 09:50:44
(2 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
TPI-Abuse
2024-08-03 09:49:35
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 109.123.237.16 (vmi2060833.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 05:49:30.251047 2024] [security2:error] [pid 12956:tid 12956] [client 109.123.237.16:62652] [client 109.123.237.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mollins.com"] [uri "/wp-config.php"] [unique_id "Zq39KvoVVUCBD3gl6wRyZAAAABk"] show less
Brute-Force
Bad Web Bot
Web App Attack