๐ฉ๐ช
maxpower
2026-07-07 16:34:34
(24 minutes ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 se ...
show more
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026/07/07 18:34:26 [error] 914346#914346: *883724 access forbidden by rule, client: 153.75.89.214, server: samitecnopetrol.it, request: "GET /wp-config.php.bak HTTP/1.1", host: "samitecnopetrol.it"
153.75.89.214 - - [07/Jul/2026:18:34:26 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Python-urllib/2.7" "-" host=samitecnopetrol.it
show less
Port Scan
Anonymous
2026-07-07 16:13:18
(46 minutes ago)
153.75.89.214 - - [08/Jul/2026:00:13:18 +0800] "GET /wp-config.php.bak HTTP/1.1" 301 250 "-" "Python ...
show more
153.75.89.214 - - [08/Jul/2026:00:13:18 +0800] "GET /wp-config.php.bak HTTP/1.1" 301 250 "-" "Python-urllib/2.7"
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-07 15:44:20
(1 hour ago)
153.75.89.214 - - [07/Jul/2026:17:44:14 +0200] "GET /wp-config.php.bak HTTP/1.1" 301 162 "-" "Python ...
show more
153.75.89.214 - - [07/Jul/2026:17:44:14 +0200] "GET /wp-config.php.bak HTTP/1.1" 301 162 "-" "Python-urllib/2.7"
...
show less
Web App Attack
๐ฉ๐ช
maxpower
2026-07-07 15:40:28
(1 hour ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 se ...
show more
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026/07/07 17:40:22 [error] 841279#841279: *871252 access forbidden by rule, client: 153.75.89.214, server: costruirebene.it, request: "GET /wp-config.php.bak HTTP/1.1", host: "costruirebene.it"
153.75.89.214 - - [07/Jul/2026:17:40:22 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Python-urllib/2.7" "-" host=costruirebene.it
show less
Port Scan
๐ซ๐ท
masterguru
2026-07-07 15:25:55
(1 hour ago)
BAD BOT - Detected and Blocked.. Matched phrase "python" at REQUEST_HEADERS:User-Agent. (1100000-195 ...
show more
BAD BOT - Detected and Blocked.. Matched phrase "python" at REQUEST_HEADERS:User-Agent. (1100000-195)
show less
Bad Web Bot
๐จ๐ญ
4server
2026-07-07 14:38:20
(2 hours ago)
[TueJul0716:38:13.7884532026][security2:error][pid155925:tid156228][client153.75.89.214:0]ModSecurit ...
show more
[TueJul0716:38:13.7884532026][security2:error][pid155925:tid156228][client153.75.89.214:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\"wp-config\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"aid-web.ch\"][uri\"/wp-config.php.bak\"][unique_id\"ak0PVXw9GgDCtxjG5UY6TgAAANQ\"]
show less
Hacking
Web App Attack
๐ฉ๐ช
maxpower
2026-07-07 14:11:52
(2 hours ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 se ...
show more
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 153.75.89.214 - - [07/Jul/2026:16:11:47 +0200] "GET /wp-config.php.bak HTTP/1.1" 301 291 "-" "Python-urllib/2.7" "-" host=matteodinicola.it
153.75.89.214 - - [07/Jul/2026:16:11:50 +0200] "GET /wp-config.php.bak HTTP/1.1" 404 110500 "-" "Python-urllib/2.7" "-" host=matteodinicola.it
show less
Port Scan
๐ฉ๐ช
4server
2026-07-07 14:10:54
(2 hours ago)
[TueJul0716:10:52.3563032026][security2:error][pid1447896:tid1448019][client153.75.89.214:0]ModSecur ...
show more
[TueJul0716:10:52.3563032026][security2:error][pid1447896:tid1448019][client153.75.89.214:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(\?:/\(\?:\^\|/\)\\\\\\\\.\(env\|git\|svn\|hg\|DS_Store\)\|/\(\?:wp-config\|\\\\\\\\.htaccess\|\\\\\\\\.htpasswd\)\|\\\\\\\\.\(\?:sql\|bak\|old\|log\)\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"safeoncloud.ch\"][uri\"/wp-config.php.bak\"][unique_id\"ak0I7PjvMu9eym7ZUn2P3wAAANU\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 13:58:48
(3 hours ago)
(mod_security) mod_security (id:210492) triggered by 2002:994b:59d6::994b:59d6 (Unknown): 1 in the l ...
show more
(mod_security) mod_security (id:210492) triggered by 2002:994b:59d6::994b:59d6 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 09:58:41.964500 2026] [security2:error] [pid 30576:tid 30576] [client 2002:994b:59d6::994b:59d6:51106] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "totaleventsandtents.com"] [uri "/wp-config.php.bak"] [unique_id "ak0GEUBHsMLmqD7Asak_fQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
maxpower
2026-07-07 13:52:22
(3 hours ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 se ...
show more
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 153.75.89.214 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026/07/07 15:52:19 [error] 705303#705303: *843947 access forbidden by rule, client: 153.75.89.214, server: matteoappignani.business, request: "GET /wp-config.php.bak HTTP/1.1", host: "matteoappignani.it"
153.75.89.214 - - [07/Jul/2026:15:52:19 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Python-urllib/2.7" "-" host=matteoappignani.it
show less
Port Scan
๐จ๐ฟ
ddw
2026-07-07 11:20:05
(5 hours ago)
ModSecurity detection - Rules: 949110(Inbound Anomaly Score Exceeded (Total Score: 10))
Web App Attack
Anonymous
2026-07-07 10:38:54
(6 hours ago)
Automatically blocked after 1 security event. Observed repeated web application attack probes. Sourc ...
show more
Automatically blocked after 1 security event. Observed repeated web application attack probes. Source: Cloudflare security controls.
show less
Hacking
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-07-07 10:16:05
(6 hours ago)
[Tue Jul 07 20:16:04.188534 2026] [security2:error] [pid 240179] [client 153.75.89.214:65457] [clien ...
show more
[Tue Jul 07 20:16:04.188534 2026] [security2:error] [pid 240179] [client 153.75.89.214:65457] [client 153.75.89.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "iaki.com.au"] [uri "/wp-config.php.bak"] [unique_id "akzR5Mz7P2xxcf9mPk8fswAAAAk"]
...
show less
Web App Attack
๐ฉ๐ช
maxpower
2026-07-07 08:55:29
(8 hours ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2002:994b:59d6::994b:59d6 (-): 2 in the ...
show more
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2002:994b:59d6::994b:59d6 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2002:994b:59d6::994b:59d6 - - [07/Jul/2026:10:55:07 +0200] "GET /wp-config.php.bak HTTP/1.1" 301 293 "-" "Python-urllib/2.7" "-" host=poderedellatorre.it
2002:994b:59d6::994b:59d6 - - [07/Jul/2026:10:55:25 +0200] "GET /wp-config.php.bak HTTP/1.1" 301 0 "-" "Python-urllib/2.7" "-" host=poderedellatorre.it
show less
Port Scan
๐ฌ๐ง
OptimusGO
2026-07-07 05:15:27
(11 hours ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-07-07 06:15:26 UTC
Log evidence:
07/07/2026-06:15:25.721808 [wDrop] [**] [1:7000900:1] FINSERV CRITICAL: Backup File Access .bak [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 153.75.89.214:56547 -> 185.127.18.66:80
07/07/2026-06:15:25.721808 [**] [1:1000114:1] SECURITY CRITICAL: wp-config.php Access Attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 153.75.89.214:56547 -> 185.127.18.66:80
show less
Port Scan
Brute-Force