๐ฉ๐ช
Jochen Pretli
2025-07-29 21:31:36
(11 months ago)
connection to honeypot
Email Spam
Port Scan
๐ฉ๐ช
Jochen Pretli
2025-07-29 08:00:00
(11 months ago)
connection to honeypot
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2025-07-09 14:11:28
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 09 10:11:20.610434 2025] [security2:error] [pid 12639:tid 12639] [client 109.237.134.10:34214] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artocratic.com"] [uri "/wp-config.php1"] [unique_id "aG54iFuDYM4BOIAMwvSDkQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
BlueWire Hosting
2025-07-09 14:10:16
(1 year ago)
Probing for Wordpress vulnerabilities
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2025-07-09 02:49:11
(1 year ago)
109.237.134.10 - - [09/Jul/2025:05:49:10 +0300] "GET /wp-config.php_ HTTP/1.1" 404 277 "-" "-"
109.2 ...
show more
109.237.134.10 - - [09/Jul/2025:05:49:10 +0300] "GET /wp-config.php_ HTTP/1.1" 404 277 "-" "-"
109.237.134.10 - - [09/Jul/2025:05:49:11 +0300] "GET /wp-config.php.save HTTP/1.1" 404 277 "-" "-"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-09 00:51:34
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 08 20:51:26.636256 2025] [security2:error] [pid 29797:tid 29797] [client 109.237.134.10:55718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "winecellarinstallationservices.com"] [uri "/wp-config.php.old"] [unique_id "aG29Dhx38Tn9_eVC-Yi6qAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-07-09 00:43:02
(1 year ago)
Bot / scanning and/or hacking attempts: GET /wp-config.phpold HTTP/1.1, GET /ev-team/ HTTP/1.1, GET ...
show more
Bot / scanning and/or hacking attempts: GET /wp-config.phpold HTTP/1.1, GET /ev-team/ HTTP/1.1, GET /wp-config HTTP/1.1, GET /wp-config.php.org HTTP/1.1, GET /wp-config.php1 HTTP/1.1
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-08 21:23:15
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 08 17:23:11.153327 2025] [security2:error] [pid 13538:tid 13538] [client 109.237.134.10:36650] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "krassa.net"] [uri "/wp-config.php1"] [unique_id "aG2MP4aB1THeanLc0J8HGgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-08 00:17:11
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 07 20:17:05.670080 2025] [security2:error] [pid 1760:tid 1760] [client 109.237.134.10:45708] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mcgmcg.com"] [uri "/wp-config.php1"] [unique_id "aGxjgQS3EO8wqOfFuOtdxQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-06 18:50:31
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 06 14:50:26.832748 2025] [security2:error] [pid 10925:tid 10925] [client 109.237.134.10:50404] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mollins.com"] [uri "/wp-config.php1"] [unique_id "aGrFcogQFEPUztYkmpX-egAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Tripwire
2025-07-06 02:50:12
(1 year ago)
Scanning for exploits - /wp-config.php.old
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-07-05 23:03:13
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.134.10 (alfa3015.alfahosting-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 05 19:03:05.247048 2025] [security2:error] [pid 30115:tid 30115] [client 109.237.134.10:35678] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shipdirect.net"] [uri "/wp-config.php.old"] [unique_id "aGmvKU1oJF4QRO56pzWzbgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
rdpguard.com
2025-07-05 19:24:05
(1 year ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
๐บ๐ธ
Rip
2025-07-05 07:40:24
(1 year ago)
Automated reconnaissance attempt targeting restricted or sensitive paths.
...
Brute-Force
Web App Attack
๐ท๐บ
cleanweb
2025-07-04 22:10:50
(1 year ago)
Looking for /backup.zip, Agent:
Phishing
Brute-Force