updown.io
2024-08-16 12:33:24
(1 month ago)
{"level":"info","ts":1723811600.976625,"logger":"http.log.access.log0","msg":"handled request","requ ... show more {"level":"info","ts":1723811600.976625,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"134.209.102.110","remote_port":"63392","client_ip":"134.209.102.110","proto":"HTTP/1.1","method":"GET","host":"f1jy.status.updown.io","uri":"/.well-known/about.php","headers":{"User-Agent":["fasthttp"]}},"bytes_read":0,"user_id":"","duration":0.000042632,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://f1jy.status.updown.io/.well-known/about.php"],"Content-Type":[]}}
{"level":"info","ts":1723811601.0993776,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"134.209.102.110","remote_port":"63485","client_ip":"134.209.102.110","proto":"HTTP/1.1","method":"GET","host":"f1jy.status.updown.io","uri":"/vendor/phpunit/phpunit/src/Util/PHP/","headers":{"User-Agent":["fasthttp"]}},"bytes_read":0,"user_id":"","duration":0.000077388,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection"
... show less
DDoS Attack
Web App Attack
TPI-Abuse
2024-08-16 08:38:56
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 04:38:51.410110 2024] [security2:error] [pid 32612:tid 32612] [client 134.209.102.110:61790] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeremyscraig.com"] [uri "/wp-config.php"] [unique_id "Zr8QG88ZGNrslqQBNS_H_wAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
sms.ru
2024-08-15 15:49:06
(1 month ago)
/vendor/phpunit/phpunit/src/Util/PHP/
Web App Attack
Anonymous
2024-08-15 06:30:22
(1 month ago)
134.209.102.110 - - [15/Aug/2024:08:29:50 +0200] "GET /simple.php HTTP/1.1" 404 451 "-" "fasthttp"<b ... show more 134.209.102.110 - - [15/Aug/2024:08:29:50 +0200] "GET /simple.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:51 +0200] "GET /buy.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:51 +0200] "GET /special.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:51 +0200] "GET /click.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:51 +0200] "GET /pages.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:51 +0200] "GET /shop.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:51 +0200] "GET /search.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:52 +0200] "GET /brand.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:52 +0200] "GET /x/index.php HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.110 - - [15/Aug/2024:08:29:52 +0200] "GET /ioxi002.PhP7 HTTP/1.1" 404 451 "-" "fasthttp"
134.209.102.11
... show less
DDoS Attack
Savvii
2024-08-15 03:44:16
(1 month ago)
20 attempts against mh-misbehave-ban on redirect
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-08-13 23:16:11
(1 month ago)
20 attempts against mh-misbehave-ban on redirect
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-13 16:24:39
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 12:24:35.228905 2024] [security2:error] [pid 7273:tid 7273] [client 134.209.102.110:51425] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "murphylumber.ca"] [uri "/wp-config.php"] [unique_id "ZruIw6tZ8U8V_KGw6SSWOwAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-08-12 23:22:26
(1 month ago)
134.209.102.110 - - [13/Aug/2024:02:22:25 +0300] "GET /wp-includes/css/dist/edit-site/ HTTP/1.1" 404 ... show more 134.209.102.110 - - [13/Aug/2024:02:22:25 +0300] "GET /wp-includes/css/dist/edit-site/ HTTP/1.1" 404 438 "-" "fasthttp"
134.209.102.110 - - [13/Aug/2024:02:22:25 +0300] "GET /wp-includes/css/dist/components/ HTTP/1.1" 404 438 "-" "fasthttp"
... show less
Web App Attack
TPI-Abuse
2024-08-12 05:56:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 01:56:27.368950 2024] [security2:error] [pid 30200:tid 30200] [client 134.209.102.110:61372] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lexvaz.com"] [uri "/wp-config.php"] [unique_id "ZrmkC6GMnymqOAbQjK4JQQAAACM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-12 01:46:24
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-08-11 19:44:03
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 15:43:55.763274 2024] [security2:error] [pid 20246:tid 20246] [client 134.209.102.110:51904] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "midknight.borzois.com"] [uri "/wp-config.php"] [unique_id "ZrkUe9G76Y961zBiE9fsoQAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-11 19:25:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 15:25:06.612137 2024] [security2:error] [pid 14611:tid 14611] [client 134.209.102.110:58713] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "camescorts.net"] [uri "/wp-config.php"] [unique_id "ZrkQEpbYa2yEoUfE9Hq1HgAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-08-11 14:17:00
(1 month ago)
15 attempts against mh-modsecurity-ban on neon
Brute-Force
Web App Attack
TPI-Abuse
2024-08-11 10:45:48
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 06:45:44.043284 2024] [security2:error] [pid 16188:tid 16188] [client 134.209.102.110:60972] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "med-engineering.com"] [uri "/wp-config.php"] [unique_id "ZriWWDZdHBFmO2sBatf_WwAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-11 01:37:00
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 134.209.102.110 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 21:36:52.589942 2024] [security2:error] [pid 1852575:tid 1852579] [client 134.209.102.110:55585] [client 134.209.102.110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sitetest.coldwave.net"] [uri "/wp-config.php"] [unique_id "ZrgVtEd2gpM9BaMVMMd1BAAAAgI"] show less
Brute-Force
Bad Web Bot
Web App Attack