TPI-Abuse
2024-08-20 05:12:29
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 01:12:23.153968 2024] [security2:error] [pid 649:tid 649] [client 139.59.235.41:54864] [client 139.59.235.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gdcservices.com"] [uri "/wp-config.php"] [unique_id "ZsQltwSGMre5_Aiuz-lYCgAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-19 23:45:35
(1 month ago)
wordpress-trap
Web App Attack
URAN Publishing Service
2024-08-19 22:55:03
(1 month ago)
139.59.235.41 - - [20/Aug/2024:01:55:02 +0300] "GET /wp-content/plugins/classic-editor/wp-login.php ... show more 139.59.235.41 - - [20/Aug/2024:01:55:02 +0300] "GET /wp-content/plugins/classic-editor/wp-login.php HTTP/1.1" 404 275 "-" "fasthttp"
139.59.235.41 - - [20/Aug/2024:01:55:02 +0300] "GET /wp-includes/css/dist/edit-site/ HTTP/1.1" 404 275 "-" "fasthttp"
... show less
Web App Attack
Anonymous
2024-08-19 11:35:37
(1 month ago)
wordpress-trap
Web App Attack
Anonymous
2024-08-19 06:31:58
(1 month ago)
207 attempts to access private web resources such as .env files, wp-includes, wp-admin directories, ... show more 207 attempts to access private web resources such as .env files, wp-includes, wp-admin directories, or private configuration files. show less
Web App Attack
TPI-Abuse
2024-08-19 05:01:57
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 19 01:01:50.506361 2024] [security2:error] [pid 10352:tid 10352] [client 139.59.235.41:50067] [client 139.59.235.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "englishconversationclub.britishclubcentres.com"] [uri "/wp-config.php"] [unique_id "ZsLRvoJJfNSgt4j8e1hRuAAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-19 03:40:02
(1 month ago)
Bot / scanning and/or hacking attempts: GET /assets/fonts/ HTTP/1.1, GET /templates/ja_purity/ HTTP/ ... show more Bot / scanning and/or hacking attempts: GET /assets/fonts/ HTTP/1.1, GET /templates/ja_purity/ HTTP/1.1, GET /admin/upload/ HTTP/1.1, GET /assets/css/wizard/ HTTP/1.1 show less
Hacking
Web App Attack
Hirte
2024-08-18 20:14:21
(1 month ago)
C2: Web Attack GET /wp-content/plugins/classic-editor/wp-login.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
Savvii
2024-08-18 08:02:10
(1 month ago)
20 attempts against mh-misbehave-ban on redirect
Brute-Force
Bad Web Bot
Web App Attack
zynex
2024-08-18 06:09:31
(1 month ago)
URL Probing: /x/index.php
Web App Attack
Anonymous
2024-08-18 05:16:49
(1 month ago)
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/ HTTP/1.1" ... show more 139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/ HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /.tmb/ HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /simple.php HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /.wp-cli/ HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /buy.php HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /wordpress/ HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /special.php HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /v2/ HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:15 +0200] "GET /click.php HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:07:16:16 +0200] "GET /backend/ HTTP/1.1" 404 459 "-" "fasthttp"
139.59.235.41 - - [18/A
... show less
DDoS Attack
Anonymous
2024-08-18 02:32:36
(1 month ago)
139.59.235.41 - - [18/Aug/2024:04:31:06 +0200] "GET /wp-content/plugins/classic-editor/wp-login.php ... show more 139.59.235.41 - - [18/Aug/2024:04:31:06 +0200] "GET /wp-content/plugins/classic-editor/wp-login.php HTTP/1.1" 302 646 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:04:31:25 +0200] "GET /wp-login.php HTTP/1.1" 302 646 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:04:31:33 +0200] "GET /xmlrpc.php HTTP/1.1" 302 646 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:04:31:37 +0200] "GET /.well-known/pki-validation/wp-login.php HTTP/1.1" 200 2911 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:04:31:40 +0200] "GET /.well-known/acme-challenge/wp-login.php HTTP/1.1" 200 2911 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:04:32:35 +0200] "GET /wp-includes/IXR/wp-login.php HTTP/1.1" 302 646 "-" "fasthttp"
139.59.235.41 - - [18/Aug/2024:04:32:35 +0200] "GET /wp-includes/ID3/wp-login.php HTTP/1.1" 302 646 "-" "fasthttp"
... show less
Brute-Force
TPI-Abuse
2024-08-17 23:44:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 19:44:25.958538 2024] [security2:error] [pid 22874:tid 22874] [client 139.59.235.41:55823] [client 139.59.235.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "reunionking.com"] [uri "/wp-config.php"] [unique_id "ZsE12aY6X3sHMzOJL0zyxAAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-17 21:14:34
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 17:14:30.696900 2024] [security2:error] [pid 13626:tid 13626] [client 139.59.235.41:65438] [client 139.59.235.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blackstarmgmt.com.mydobdate.net"] [uri "/wp-config.php"] [unique_id "ZsESth62Hbtzn-gG-zoZ0QAAABU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-17 19:16:43
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 139.59.235.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 15:16:36.136352 2024] [security2:error] [pid 13254:tid 13254] [client 139.59.235.41:52940] [client 139.59.235.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demo.semisysteme.com"] [uri "/wp-config.php"] [unique_id "ZsD3FOBPbdQEHUQPouo9CQAAABU"] show less
Brute-Force
Bad Web Bot
Web App Attack