TPI-Abuse
2024-11-13 00:26:49
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.150.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 19:26:46.376936 2024] [security2:error] [pid 29380:tid 29380] [client 165.227.150.244:39648] [client 165.227.150.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glendaleheritage.org"] [uri "/wp-config.php~"] [unique_id "ZzPyRrnlf1DrRWZmrLOIBQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-11-12 18:06:23
(2 months ago)
Too many Status 40X (15)
Brute-Force
Web App Attack
TPI-Abuse
2024-11-12 12:37:17
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.150.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 07:37:12.467307 2024] [security2:error] [pid 209435:tid 209435] [client 165.227.150.244:35864] [client 165.227.150.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doublenaughtspycar.com"] [uri "/wp-config.php~"] [unique_id "ZzNL-OuFwd9gj-ssLXVNtwAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 09:12:36
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.150.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 04:12:29.417809 2024] [security2:error] [pid 9911:tid 9911] [client 165.227.150.244:46636] [client 165.227.150.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daebakdesign.com"] [uri "/wp-config.php~"] [unique_id "ZzMb_XEd70JfGDXrNcqhIwAAACc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 04:46:34
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.150.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 23:46:28.855724 2024] [security2:error] [pid 2225:tid 2287] [client 165.227.150.244:36104] [client 165.227.150.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ceol.com"] [uri "/wp-config.php~"] [unique_id "ZzLdpKg_f74uc-XdNjxXlgAAAUE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-12 04:01:57
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
Anonymous
2024-11-12 03:37:47
(2 months ago)
(mod_security) mod_security triggered on hostname [redacted] 165.227.150.244 (DE/Germany/-)
SQL Injection
cmbplf
2024-11-12 02:45:35
(2 months ago)
242 requests to *.php.bak
Brute-Force
Bad Web Bot
Anonymous
2024-11-12 02:23:34
(2 months ago)
Bot / scanning and/or hacking attempts: GET /wp-content/backups-dup-lite/installer/ HTTP/1.1, GET /cmd.txt HTTP/1.1, GET /wp-config.php.bin HTTP/1.1, GET /env.txt HTTP/1.1, done, streams: 0/1/1/0/0 (open/recv/resp/push/rst), GET /db.txt HTTP/1.1, GET /wp-config.php.zip HTTP/1.1, GET /api.md HTTP/1.1, GET /wp-config.php.prod HTTP/1.1, GET /mysql.md HTTP/1.1, GET /wp-config.hph HTTP/1.1, GET /wp-config.php.old HTTP/1.1, GET /wp-config.php_old HTTP/1.1, GET /env.md HTTP/1.1, GET /sql.txt HTTP/1.1, GET /api.txt HTTP/1.1, idle, streams: 1/1/1/0/0 (open/recv/resp/push/rst), GET /wp-config.php_cs-backup HTTP/1.1
Hacking
Web App Attack
2000cn.com.au
2024-11-12 01:56:50
(2 months ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Hacking
Web App Attack
Apache
2024-11-12 01:55:03
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.150.244 (DE/Germany/-): 5 in the last 300 secs
Brute-Force
Web App Attack
TPI-Abuse
2024-11-12 01:54:09
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 165.227.150.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 20:54:03.757450 2024] [security2:error] [pid 2797:tid 2797] [client 165.227.150.244:46136] [client 165.227.150.244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bosdkbook.com"] [uri "/wp-config.php~"] [unique_id "ZzK1O1pc_UyGEbhwYP2_JwAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-12 00:28:48
(2 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Rizzy
2024-11-11 18:36:02
(2 months ago)
Multiple WAF Violations
Brute-Force
Web App Attack
mnsf
2024-11-11 18:06:15
(2 months ago)
Too many Status 40X (15)
Brute-Force
Web App Attack