Bay13
2024-09-08 05:52:24
(1 day ago)
f2b http-redirect
Hacking
Web App Attack
MAGIC
2024-09-06 02:01:57
(3 days ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
rico-j.de
2024-09-04 01:32:07
(5 days ago)
2024/09/04 03:31:58 [error] 429393#429393: *1376767 open() "/var/www/rico-j.de/wp-admin.php" failed ... show more 2024/09/04 03:31:58 [error] 429393#429393: *1376767 open() "/var/www/rico-j.de/wp-admin.php" failed (2: No such file or directory), client: 152.42.253.43, server: rico-j.de, request: "GET /wp-admin.php HTTP/1.1", host: "rico-j.de", referrer: "www.google.com"
2024/09/04 03:32:07 [error] 429393#429393: *1376767 open() "/var/www/rico-j.de/wp-admin.php" failed (2: No such file or directory), client: 152.42.253.43, server: rico-j.de, request: "GET /wp-admin.php HTTP/1.1", host: "rico-j.de", referrer: "www.google.com"
... show less
Bad Web Bot
Mediashaker
2024-09-03 19:37:21
(6 days ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 152.42.253.43 (SG/Singap ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 152.42.253.43 (SG/Singapore/-) show less
Port Scan
weblite
2024-09-03 08:24:36
(6 days ago)
WP_MALWARE_PROBE
Hacking
Web App Attack
URAN Publishing Service
2024-09-02 17:45:21
(1 week ago)
152.42.253.43 - - [02/Sep/2024:20:45:07 +0300] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 404 ... show more 152.42.253.43 - - [02/Sep/2024:20:45:07 +0300] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 404 196 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
152.42.253.43 - - [02/Sep/2024:20:45:20 +0300] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 404 2783 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
... show less
Web App Attack
openstrike.co.uk
2024-09-02 05:12:35
(1 week ago)
111 attacks on PHP URLs:
GET /alfa123.php HTTP/1.1
Web App Attack
openstrike.co.uk
2024-09-01 05:12:43
(1 week ago)
302 attacks on PHP URLs:
GET /15.php HTTP/1.1
Web App Attack
TPI-Abuse
2024-08-31 07:02:59
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 152.42.253.43 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 152.42.253.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 31 03:02:51.579656 2024] [security2:error] [pid 11286:tid 11286] [client 152.42.253.43:49204] [client 152.42.253.43] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||schlegelcreative.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "schlegelcreative.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZtLAG3zFycMaGizBEhGsPwAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Apache
2024-08-30 22:21:18
(1 week ago)
(mod_security) mod_security (id:210410) triggered by 152.42.253.43 (SG/Singapore/-): 5 in the last 3 ... show more (mod_security) mod_security (id:210410) triggered by 152.42.253.43 (SG/Singapore/-): 5 in the last 300 secs show less
Brute-Force
Web App Attack
spyra.rocks
2024-08-30 17:28:01
(1 week ago)
WordPress Backend Shield
Web App Attack
maxxsense
2024-08-30 17:23:32
(1 week ago)
(wordpress) Failed wordpress login from 152.42.253.43 (SG/Singapore/-)
Brute-Force
hermawan
2024-08-27 02:01:50
(1 week ago)
[Tue Aug 27 09:00:45.037936 2024] [security2:error] [pid 981469:tid 138043736458816] [client 152.42. ... show more [Tue Aug 27 09:00:45.037936 2024] [security2:error] [pid 981469:tid 138043736458816] [client 152.42.253.43:57460] [client 152.42.253.43] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Mozlila" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.5.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "58"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: Mozlila found within REQUEST_HEADERS:User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"] [severity "CRITICAL"] [ver "OWASP_CRS/4.5.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/wso.php"] [unique_id "Zs0zTRif9RNS_25dqmE_agAAARU"], referer www.go
... show less
Hacking
Web App Attack
clapper
2024-08-21 02:06:36
(2 weeks ago)
(mod_security) mod_security (id:980001) triggered by 152.42.253.43 (SG/Singapore/-): 3 in the last 3 ... show more (mod_security) mod_security (id:980001) triggered by 152.42.253.43 (SG/Singapore/-): 3 in the last 3600 secs; ID: LUC show less
Brute-Force
Bad Web Bot
clapper
2024-08-20 21:43:40
(2 weeks ago)
(mod_security) mod_security (id:980001) triggered by 152.42.253.43 (SG/Singapore/-): 5 in the last 3 ... show more (mod_security) mod_security (id:980001) triggered by 152.42.253.43 (SG/Singapore/-): 5 in the last 3600 secs; ID: rub show less
Brute-Force
Bad Web Bot