|
πͺπΈ
el-brujo
|
|
Cloudflare WAF: Request Path: /404.html Request Query: Host: www.elhacker.net userAgent: Mozlila/5. ...
show more
Cloudflare WAF: Request Path: /404.html Request Query: Host: www.elhacker.net userAgent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Action: block Source: firewallManaged ASN Description: DIGITALOCEAN-ASN Country: SG Method: GET Timestamp: 2025-12-12T01:59:19Z ruleId: 0242110ae62e44028a13bf4834780914. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
show less
|
Hacking
SQL Injection
Web App Attack
|
|
|
πͺπΈ
el-brujo
|
|
12/Dec/2025:02:40:09.379653 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
12/Dec/2025:02:40:09.379653 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 167.172.78.2] ModSecurity: Warning. Pattern match ".*\\\\\\\\.(?:php\\\\\\\\d*|phtml)\\\\\\\\.*$" at FILES:filename. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "108"] [id "933110"] [msg "PHP Injection Attack: PHP Script File Upload Found"] [data "Matched Data: titaniumex.php found within FILES:filename: titaniumex.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "parrot.elhacker.net"] [uri "/wp-content/plugins/apikey/apikey.php"] [unique_id "aTtyedwLsI5nQtVbxrgzcQAABng"]
...
show less
|
Hacking
Web App Attack
|
|
|
πΊπ¦
URAN Publishing Service
|
|
167.172.78.2 - - [11/Dec/2025:22:27:52 +0200] "GET /wp-content/plugins/w0rdpr3ssnew/wp-login.php HTT ...
show more
167.172.78.2 - - [11/Dec/2025:22:27:52 +0200] "GET /wp-content/plugins/w0rdpr3ssnew/wp-login.php HTTP/1.1" 404 2873 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
|
Web App Attack
|
|
|
Anonymous
|
|
167.172.78.2 - - [11/Dec/2025:11:38:35 +0100] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 ...
show more
167.172.78.2 - - [11/Dec/2025:11:38:35 +0100] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 162 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
|
Brute-Force
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 167.172.78.2 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:234930) triggered by 167.172.78.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 04:00:44.315055 2025] [security2:error] [pid 19579:tid 19579] [client 167.172.78.2:58240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.reyadecostarica.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.reyadecostarica.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "aTqIPA4z4F3dg-kMz80xHgAAABU"], referer: www.google.com
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
[11/Dec/2025:18:42:34 +1100] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 279 "www.google. ...
show more
[11/Dec/2025:18:42:34 +1100] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 279 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
show less
|
Hacking
Web App Attack
|
|
|
πΊπ¦
URAN Publishing Service
|
|
167.172.78.2 - - [11/Dec/2025:01:06:40 +0200] "GET /wp-content/uploadxx/up.php HTTP/1.1" 404 270 "ww ...
show more
167.172.78.2 - - [11/Dec/2025:01:06:40 +0200] "GET /wp-content/uploadxx/up.php HTTP/1.1" 404 270 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
|
Web App Attack
|
|
|
πΊπ¦
URAN Publishing Service
|
|
167.172.78.2 - - [10/Dec/2025:21:06:39 +0200] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 ...
show more
167.172.78.2 - - [10/Dec/2025:21:06:39 +0200] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 282 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
|
Web App Attack
|
|
|
πΊπ¦
URAN Publishing Service
|
|
167.172.78.2 - - [10/Dec/2025:17:34:49 +0200] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 ...
show more
167.172.78.2 - - [10/Dec/2025:17:34:49 +0200] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 280 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
|
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 167.172.78.2 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:234930) triggered by 167.172.78.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 10:01:22.601539 2025] [security2:error] [pid 31706:tid 31777] [client 167.172.78.2:57222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.projectmanagementcertification.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.projectmanagementcertification.org"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "aTmLQr-J_p6BxdxH4gxkvAAAAAM"], referer: www.google.com
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπ¦
URAN Publishing Service
|
|
167.172.78.2 - - [10/Dec/2025:15:46:46 +0200] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 ...
show more
167.172.78.2 - - [10/Dec/2025:15:46:46 +0200] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 277 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
167.172.78.2 - - [10/Dec/2025:15:46:46 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 277 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
...
show less
|
Web App Attack
|
|