๐ณ๐ด
jad-abuse
2026-07-11 04:39:34
(1 week ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. Observed by 1 sensor(s); 1 hits.
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-05-12 22:02:28
(2 months ago)
Auto-ban: >3000 req/min op 2026-05-12
Web App Attack
SSH
Hacking
๐จ๐ฆ
moskrin
2026-04-22 07:12:12
(2 months ago)
Spam bot
Web Spam
Bad Web Bot
๐จ๐ฆ
moskrin
2026-04-11 21:23:05
(3 months ago)
Spam bot
Web Spam
Bad Web Bot
Anonymous
2026-04-05 10:09:38
(3 months ago)
Aggressive web scan
Web App Attack
Anonymous
2026-03-13 02:42:29
(4 months ago)
162.158.183.49 - - [13/Mar/2026:04:41:48 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.0" ...
show more
162.158.183.49 - - [13/Mar/2026:04:41:48 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.0" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
162.158.183.49 - - [13/Mar/2026:04:41:48 +0200] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 244 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
162.158.183.49 - - [13/Mar/2026:04:41:56 +0200] "GET /wp-admin/setup-config.php HTTP/1.0" 404 455 "-" "http://zjnnp.org/wp-admin/setup-config.php"
162.158.183.49 - - [13/Mar/2026:04:41:56 +0200] "GET /wp-admin/setup-config.php HTTP/1.1" 404 244 "-" "http://zjnnp.org/wp-admin/setup-config.php"
162.158.183.49 - - [13/Mar/2026:04:42:29 +0200] "GET /wp-admin/setup-config.php HTTP/1.0" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-02-24 13:24:37
(4 months ago)
Aggressive web scan
Web App Attack
๐บ๐ธ
mnsf
2026-01-07 22:05:14
(6 months ago)
Too many Status 50X (11)
Brute-Force
Web App Attack
๐บ๐ธ
thefoofighter
2025-12-03 23:52:43
(7 months ago)
[Wed Dec 03 23:52:42.178368 2025] [:error] [pid 4124741] [client 162.158.183.49:14204] [client 162.1 ...
show more
[Wed Dec 03 23:52:42.178368 2025] [:error] [pid 4124741] [client 162.158.183.49:14204] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sarahmcnally.com"] [uri "/.env.bak"] [unique_id "aTDNSmF3jJrs2pbYVQwm6wAAABU"]
[Wed Dec 03 23:52:43.693016 2025] [:error] [pid 4124741] [client 162.158.183.49:14204] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OW
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2025-11-28 20:05:26
(7 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2025-11-13 00:05:39
(8 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
thefoofighter
2025-11-05 12:38:26
(8 months ago)
[Wed Nov 05 12:38:04.588877 2025] [:error] [pid 3350404] [client 162.158.183.49:10433] [client 162.1 ...
show more
[Wed Nov 05 12:38:04.588877 2025] [:error] [pid 3350404] [client 162.158.183.49:10433] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sarahmcnally.com"] [uri "/api/.env"] [unique_id "aQtFLBcL0-O1SuV6Re1VCgAAAAY"]
[Wed Nov 05 12:38:26.114143 2025] [:error] [pid 3350403] [client 162.158.183.49:13216] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWA
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
thefoofighter
2025-10-30 15:45:02
(8 months ago)
[Thu Oct 30 15:44:56.764521 2025] [:error] [pid 3213115] [client 162.158.183.49:12114] [client 162.1 ...
show more
[Thu Oct 30 15:44:56.764521 2025] [:error] [pid 3213115] [client 162.158.183.49:12114] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sarahmcnally.com"] [uri "/.env.bak"] [unique_id "aQOH-O6O7DY7FXFYAnImbgAAAAg"]
[Thu Oct 30 15:45:01.585518 2025] [:error] [pid 3213115] [client 162.158.183.49:12114] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OW
...
show less
Bad Web Bot
Web App Attack
Anonymous
2025-06-06 15:35:31
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐ซ๐ฎ
oh.mg
2025-06-03 15:23:45
(1 year ago)
[Tue Jun 03 17:23:45.290651 2025] [security2:error] [pid 1736559:tid 1736585] [client 162.158.183.49 ...
show more
[Tue Jun 03 17:23:45.290651 2025] [security2:error] [pid 1736559:tid 1736585] [client 162.158.183.49:29436] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "mailboxes.mrman.net"] [uri "/wetty/socket.io/"] [unique_id "aD8TgRDhR-bP8PoqMS3-VwAAAJg"], referer: https://mailboxes.mrman.net/wetty/
[Tue Jun 03 17:23:45.355107 2025] [security2:error] [pid 1736559:tid 1736564] [client 162.158.183.49:29436] [client 162.158.183.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Sc
...
show less
Bad Web Bot
Web App Attack