4server
2024-12-08 10:04:07
(1 month ago)
[SunDec0811:04:00.6991212024][security2:error][pid73145:tid73206][client185.107.81.141:0][client185. ... show more [SunDec0811:04:00.6991212024][security2:error][pid73145:tid73206][client185.107.81.141:0][client185.107.81.141]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchedphrase\"wp-config.php\"atARGS:file.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"135\"][id\"344360\"][rev\"5\"][msg\"Atomicorp.comWAFRules:UnauthorizedOperatingSystemFileAccessAttempt\"][data\"MatchedData:wp-config.phpfoundwithinARGS:file:/wp-config.php\"][severity\"CRITICAL\"][tag\"attack-lfi\"][hostname\"foodelivery.benvenutialfood.ch\"][uri\"/wp-admin/admin-ajax.php\"][unique_id\"Z1VvEGrhC6Cr7MT7MBbB6QAAAIQ\"][SunDec0811:04:01.0974992024][security2:error][pid73031:tid73062][client185.107.81.141:0][client185.107.81.141]ModSecurity:Accessdeniedwithcode403\(phase2\).Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys show less
Blog Spam
Anonymous
2024-12-08 07:46:23
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_APACHE_403
Brute-Force
SSH
TPI-Abuse
2024-12-08 06:23:49
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 01:23:43.108038 2024] [security2:error] [pid 9306:tid 9464] [client 185.107.81.141:60671] [client 185.107.81.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pwihatah.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Z1U7b_xrq91QDyVHdAmCswAAAIE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-07 23:50:32
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 18:50:27.786380 2024] [security2:error] [pid 26140:tid 26140] [client 185.107.81.141:54179] [client 185.107.81.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guarinofurnituredesigns.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Z1TfQ-F_B-Z4MGz-3y4rmwAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-07 20:54:04
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 15:53:59.364878 2024] [security2:error] [pid 14091:tid 14091] [client 185.107.81.141:32161] [client 185.107.81.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "imbrasacademic.bridgital.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Z1S1591yZ8b04prKOf_AMwAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
LRob.fr
2024-12-07 16:15:05
(1 month ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
Anonymous
2024-12-07 15:40:14
(1 month ago)
(mod_security) mod_security triggered on hostname [redacted] 185.107.81.141 (FR/France/-)
SQL Injection
mnsf
2024-12-07 14:08:12
(1 month ago)
Too many Status 40X (16)
Brute-Force
Web App Attack
FeG Deutschland
2024-12-07 01:32:01
(1 month ago)
Looking for CMS/PHP/SQL vulnerablilities - 137
Exploited Host
Web App Attack
_ArminS_
2024-12-07 00:16:56
(1 month ago)
WEB-Scan 23293:80 detected 2024.12.07 01:16:56
blocked until 2025.01.25 18:19:43
Port Scan
TPI-Abuse
2024-12-06 21:07:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 06 16:07:25.563300 2024] [security2:error] [pid 3289657:tid 3289657] [client 185.107.81.141:15855] [client 185.107.81.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rodandreelpiercam.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Z1NnjVMAdE0Gg68Im3BOtwAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-06 19:23:14
(1 month ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Rizzy
2024-12-06 18:55:21
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack
akasolutions.de
2024-12-06 18:42:26
(1 month ago)
(mod_security) mod_security triggered on hostname [redacted] 185.107.81.141 (FR/France/-)
SQL Injection
TPI-Abuse
2024-12-06 17:06:58
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.107.81.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 06 12:06:52.304294 2024] [security2:error] [pid 28128:tid 28128] [client 185.107.81.141:42965] [client 185.107.81.141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ubuciko.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Z1MvLIjEw7YjNGZqsxRM6wAAABk"] show less
Brute-Force
Bad Web Bot
Web App Attack