๐ฌ๐ง
openstrike.co.uk
2026-07-10 05:13:37
(1 day ago)
3 attacks on PHP URLs, Alfa URLs:
POST /wp-plain.php HTTP/1.1
POST /alfacgiapi/perl.alfa HTTP/1.1
Web App Attack
Hacking
๐ฉ๐ช
4server
2026-07-10 03:19:01
(1 day ago)
[FriJul1005:18:58.1756272026][security2:error][pid753980:tid754029][client147.90.209.157:0]ModSecuri ...
show more
[FriJul1005:18:58.1756272026][security2:error][pid753980:tid754029][client147.90.209.157:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\|\?=\?f\(\?:open\|write\)\?\\\\\\\\\(\|\\\\\\\\b\(\?:passthru\|serialize\|php_uname\|phpinfo\|shell_exec\|preg_\\\\\\\\w \|mysql_query\|exec\|include\|eval\|create_function\|system\|base64_decode\|decode_base64\|base64_url_decode\|str_rot13\)\\\\\\\\b\?\(\?:\\\\\\\\\(\|\\\\\\\\:\)\)\"atARGS:l.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"724\"][id\"340195\"][rev\"4\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Base64EncodedPHPfunctioninArgument-thismaybeanattack.\"][data\"php_uname\(\"][severity\"CRITICAL\"][hostname\"gagspettacolo.ch\"][uri\"/wp-plain.php\"][unique_id\"alBkojhBhWWtGkBoWzfh-wAAAIE\"]\,referer:www.google.com
show less
Port Scan
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-10 03:03:48
(1 day ago)
CrowdSec: crowdsecurity/http-bad-user-agent | req: ["/"] | UA: ["Mozlila/5.0 (Linux; Android 7.0; SM ...
show more
CrowdSec: crowdsecurity/http-bad-user-agent | req: ["/"] | UA: ["Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/53
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-10 02:59:36
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 22:59:32.830692 2026] [security2:error] [pid 23149:tid 23149] [client 147.90.209.157:30599] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.gabbyspetnanny.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.gabbyspetnanny.com"] [uri "/wp-content/plugins/apikey/apikey.php.suspected"] [unique_id "alBgFPR5vu-JvjHWnbC7awAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 02:20:51
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 22:20:43.445945 2026] [security2:error] [pid 20933:tid 20933] [client 147.90.209.157:21265] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.fusteriafontane.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.fusteriafontane.com"] [uri "/plugins/content/apismtp/apismtp.php"] [unique_id "alBW-7dMfJR3v8_Y7wTOyQAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ambor
2026-07-10 00:57:57
(1 day ago)
Attack type: wordpress_attack_attempt | Target: /wp-content/themes/seotheme/db.php | UA: Mozlila/5.0 ...
show more
Attack type: wordpress_attack_attempt | Target: /wp-content/themes/seotheme/db.php | UA: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NR | Country: DE
show less
Web App Attack
Brute-Force
๐ฉ๐ช
filstal.org
2026-07-10 00:36:02
(1 day ago)
CrowdSec: crowdsecurity/http-bad-user-agent
Bad Web Bot
Hacking
๐ฌ๐ท
setupgr
2026-07-10 00:34:12
(1 day ago)
(mod_security) mod_security (id:1000001) triggered by 147.90.209.157 (DE/Germany/Hesse/Frankfurt am ...
show more
(mod_security) mod_security (id:1000001) triggered by 147.90.209.157 (DE/Germany/Hesse/Frankfurt am Main/-/[AS212238 CDNEXT]): 1 in the last 86400 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Fri Jul 10 03:34:08.549607 2026] [security2:error] [pid 2452514:tid 2452645] [client 147.90.209.157:23969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/db.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "103"] [id "1000001"] [msg "Bad file blocked: /wp-content/themes/seotheme/db.php"] [severity "CRITICAL"] [tag "security"] [hostname "ftiaxtomonosou.gr"] [uri "/wp-content/themes/seotheme/db.php"] [unique_id "alA-AJDWufSc43okyknieQAAA0M"], referer: www.google.com
show less
Port Scan
Anonymous
2026-07-10 00:30:34
(1 day ago)
147.90.209.157 - - [10/Jul/2026:02:30:30 +0200] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 60 ...
show more
147.90.209.157 - - [10/Jul/2026:02:30:30 +0200] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 60636 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
147.90.209.157 - - [10/Jul/2026:02:30:31 +0200] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 60343 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
147.90.209.157 - - [10/Jul/2026:02:30:30 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 61114 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
147.90.209.157 - - [10/Jul/2026:02:30:31 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 60821 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-10 00:06:20
(1 day ago)
CrowdSec: crowdsecurity/http-bad-user-agent | req: ["/ALFA_DATA/alfacgiapi/perl.alfa","/wp-content/t ...
show more
CrowdSec: crowdsecurity/http-bad-user-agent | req: ["/ALFA_DATA/alfacgiapi/perl.alfa","/wp-content/themes/seotheme/db.php?u"] | UA: ["Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/53
show less
Bad Web Bot
๐ฉ๐ช
maxpower
2026-07-09 23:49:06
(1 day ago)
(backdoor_scan) REGOLA 7 - Backdoor Scan Attempt 147.90.209.157 (DE/Germany/-): 1 in the last 3600 s ...
show more
(backdoor_scan) REGOLA 7 - Backdoor Scan Attempt 147.90.209.157 (DE/Germany/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 147.90.209.157 - - [10/Jul/2026:01:48:59 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 47744 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" "-" host=frleone.ovh
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-09 23:18:24
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 19:18:19.932736 2026] [security2:error] [pid 18855:tid 18855] [client 147.90.209.157:37367] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||epetsure.co|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "epetsure.co"] [uri "/plugins/content/apismtp/apismtp.php.suspected"] [unique_id "alAsO9uD5ERMY0S6GGgl5gAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 22:59:23
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 18:59:19.857671 2026] [security2:error] [pid 14747:tid 14747] [client 147.90.209.157:28537] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||frenchla.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "frenchla.com"] [uri "/wp-content/plugins/apikey/apikey.php.suspected"] [unique_id "alAnxyd6eyy0iUSYPYWYTQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 22:09:51
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210350) triggered by 147.90.209.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 18:09:46.823931 2026] [security2:error] [pid 4199:tid 4199] [client 147.90.209.157:43449] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.fredlandia.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.fredlandia.com"] [uri "/"] [unique_id "alAcKoQlsRBHqerLXPVE3gAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
maxpower
2026-07-09 22:04:53
(1 day ago)
(backdoor_scan) REGOLA 7 - Backdoor Scan Attempt 147.90.209.157 (DE/Germany/-): 1 in the last 3600 s ...
show more
(backdoor_scan) REGOLA 7 - Backdoor Scan Attempt 147.90.209.157 (DE/Germany/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 147.90.209.157 - - [10/Jul/2026:00:04:50 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 301 0 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" "-" host=freddiegroup.com
show less
Port Scan