ManagedStack
2024-11-08 01:21:12
(2 months ago)
Wordpress Attack
Web App Attack
TPI-Abuse
2024-11-08 00:38:44
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 19:38:41.613059 2024] [security2:error] [pid 29117:tid 29117] [client 13.74.146.183:1907] [client 13.74.146.183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kingmansvc.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zy1dkZYBFsAmK8ZvMaCb9QAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
COMAITE
2024-11-08 00:38:31
(2 months ago)
Multiple web server 400 error codes from same source ip 13.74.146.183.
Web App Attack
Anonymous
2024-11-08 00:26:10
(2 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Anonymous
2024-11-08 00:07:33
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-07 23:50:50
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 18:50:43.441666 2024] [security2:error] [pid 8692:tid 8729] [client 13.74.146.183:2866] [client 13.74.146.183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradomountaineer.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zy1SU8NmMiCKf-XxHOshjQAAAFE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-07 23:33:43
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 18:33:39.721173 2024] [security2:error] [pid 12150:tid 12150] [client 13.74.146.183:4070] [client 13.74.146.183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.goldenvalley1.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zy1OU_eYrCCvEWtiNnQpigAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-07 23:05:10
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 18:05:02.513202 2024] [security2:error] [pid 25733:tid 25733] [client 13.74.146.183:1899] [client 13.74.146.183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.fernfield.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zy1HnkKspSWVmAmXoY_9OwAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-07 23:03:33
(2 months ago)
Bot / scanning and/or hacking attempts: GET /bak.php HTTP/1.1, GET /wp-content/themes/404.php HTTP/1 ... show more Bot / scanning and/or hacking attempts: GET /bak.php HTTP/1.1, GET /wp-content/themes/404.php HTTP/1.1, GET /css/ HTTP/1.1, GET /contact.php HTTP/1.1, GET /wp-login.php?redirect_to=https%3A%2F%2Feetcoaching.nl%2Fwp, GET /wp-includes/cloud.php HTTP/1.1, GET /wp-includes/bak.php HTTP/1.1, GET /wp-admin/about.php HTTP/1.1, GET /wp-content/index.php HTTP/1.1, GET /filemanager/dialog.php HTTP/1.1, GET /wp-info.php HTTP/1.1, GET /img/xmrlpc.php?p= HTTP/1.1, GET /test.php HTTP/1.1, GET /wp-admin/wp-login.php HTTP/1.1, GET /media.php HTTP/1.1, GET /cong.php HTTP/1.1, GET /css.php HTTP/1.1, GET /files/ HTTP/1.1, GET /css/index.php HTTP/1.1, GET /readme.php HTTP/1.1, GET /files/index.php HTTP/1.1 show less
Hacking
Web App Attack
Buster
2024-11-07 22:10:00
(2 months ago)
Repeated mass attack attempts blocked: Perm Blocked ASN and country
DDoS Attack
Hacking
Web App Attack
cmbplf
2024-11-07 21:59:40
(2 months ago)
6.896 4xx requests in 1 hour (2w6d5h)
Brute-Force
Bad Web Bot
TPI-Abuse
2024-11-07 21:57:56
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 16:57:52.590992 2024] [security2:error] [pid 12270:tid 12270] [client 13.74.146.183:1475] [client 13.74.146.183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.chrisrest.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zy034KJLoeAnCR1gV7_2TAAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
robotstxt
2024-11-07 21:09:49
(2 months ago)
13.74.146.183 - - [07/Nov/2024:21:07:43 +0000] "GET /cgi-bin/about.php HTTP/1.1" 404 88030 "-" rt="0 ... show more 13.74.146.183 - - [07/Nov/2024:21:07:43 +0000] "GET /cgi-bin/about.php HTTP/1.1" 404 88030 "-" rt="0.981" "-" "-" h="www.nascapers.es" sn="www.nascapers.es" ru="/cgi-bin/about.php" u="/index.php" ucs="-" ua="unix:/var/run/php/nascapers82.sock" us="404" uct="0.000" urt="0.981"
13.74.146.183 - - [07/Nov/2024:21:07:43 +0000] "GET /cgi-bin/about.php HTTP/1.1" 404 88030 "-" "-" "-"
13.74.146.183 - - [07/Nov/2024:21:07:55 +0000] "GET /cgi-bin/cloud.php HTTP/1.1" 404 88030 "-" rt="0.975" "-" "-" h="www.nascapers.es" sn="www.nascapers.es" ru="/cgi-bin/cloud.php" u="/index.php" ucs="-" ua="unix:/var/run/php/nascapers82.sock" us="404" uct="0.000" urt="0.974"
13.74.146.183 - - [07/Nov/2024:21:07:55 +0000] "GET /cgi-bin/cloud.php HTTP/1.1" 404 88030 "-" "-" "-"
13.74.146.183 - - [07/Nov/2024:21:09:09 +0000] "GET /cgi-bin/xmrlpc.php?p= HTTP/1.1" 404 5 "-" rt="0.746" "-" "-" h="www.nascapers.es" sn="www.nascapers.es" ru="/cgi-bin/xmrlpc.php?p=" u="/index.php" ucs="-" ua="unix:/var/run/php/nascapers8
... show less
Bad Web Bot
TPI-Abuse
2024-11-07 21:03:44
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 13.74.146.183 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 16:03:37.775855 2024] [security2:error] [pid 16078:tid 16078] [client 13.74.146.183:1836] [client 13.74.146.183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.jimgrenier.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zy0rKef93RwEfzmviMWCjQAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-11-07 21:00:27
(2 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force