Valhalla
2025-01-02 13:40:40
(1 week ago)
Suspicious Activity Detected: /backup/directory.tar
Hacking
Web App Attack
URAN Publishing Service
2024-12-10 23:22:16
(1 month ago)
185.192.16.20 - - [11/Dec/2024:01:19:04 +0200] "GET /wp-content/uploads/wp_live_chat/abruzi.php HTTP/1.1" 404 251 "-" "Go-http-client/1.1"
185.192.16.20 - - [11/Dec/2024:01:22:10 +0200] "GET /wp-content/plugins/about.php HTTP/1.1" 404 251 "-" "Go-http-client/1.1"
Web App Attack
Anonymous
2024-12-10 22:10:11
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
noxtec GmbH
2024-12-10 17:51:02
(1 month ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 185.192.16.20 (IE/Ireland/-)
Bad Web Bot
sms.ru
2024-12-10 14:37:58
(1 month ago)
/wp-admin/maint/go.php
Web App Attack
Anonymous
2024-12-09 02:22:09
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
URAN Publishing Service
2024-12-09 00:20:42
(1 month ago)
185.192.16.20 - - [09/Dec/2024:02:20:38 +0200] "GET /wp-content/plugins/wordpresss3cll/up.php HTTP/1.1" 404 274 "-" "Go-http-client/1.1"
Web App Attack
URAN Publishing Service
2024-12-07 18:25:13
(1 month ago)
185.192.16.20 - - [07/Dec/2024:20:25:11 +0200] "GET /wp-content/plugins/helloapx/wp-apxupx.php?apx=upx HTTP/1.1" 404 290 "-" "Go-http-client/1.1"
Web App Attack
URAN Publishing Service
2024-12-07 12:45:47
(1 month ago)
185.192.16.20 - - [07/Dec/2024:14:45:18 +0200] "GET /wp-includes/wp-login.php HTTP/1.1" 404 277 "-" "Go-http-client/1.1"
185.192.16.20 - - [07/Dec/2024:14:45:46 +0200] "GET /wp-admin/css/OK.php HTTP/1.1" 404 277 "-" "Go-http-client/1.1"
Web App Attack
sms.ru
2024-12-07 11:53:15
(1 month ago)
/wp-admin/dropdown.php
Web App Attack
unifr
2024-11-09 12:21:29
(2 months ago)
Unauthorized IMAP connection attempt
Brute-Force
nyuuzyou
2024-11-06 18:36:28
(2 months ago)
Intensive scraping: /web?s=Farm%20Wilton&country=ne-ne&scraper=wiby. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15.
Bad Web Bot
TPI-Abuse
2024-10-30 20:05:05
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 185.192.16.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 30 16:04:58.361275 2024] [security2:error] [pid 8936:tid 8936] [client 185.192.16.20:58601] [client 185.192.16.20] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pcga.golf|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/old/www.sql"] [unique_id "ZyKRakQgZITTM3rSFqzVFgAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-24 10:52:35
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-07 13:21:45
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 185.192.16.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 07 09:21:38.982300 2024] [security2:error] [pid 15593:tid 15593] [client 185.192.16.20:61975] [client 185.192.16.20] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||otrantocapital.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "otrantocapital.com"] [uri "/bak/sql.sql"] [unique_id "ZwPgYougCSzFd3siwnTNpQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack