๐ฉ๐ช
LRob
2026-07-16 17:20:23
(7 hours ago)
CrowdSec: crowdsecurity/http-bad-user-agent | req: / | 2 distinct paths | UA: Mozlila/5.0 (Linux; An ...
show more
CrowdSec: crowdsecurity/http-bad-user-agent | req: / | 2 distinct paths | UA: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.
show less
Bad Web Bot
๐ณ๐ฑ
WeCloudit-Anti-Abuse
2026-07-16 10:00:01
(14 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent
Web App Attack
Bad Web Bot
๐ซ๐ท
dynamix
2026-07-16 09:52:28
(14 hours ago)
Multiple WAF Violations
Web App Attack
๐ณ๐ฑ
0xffffffff
2026-07-16 09:29:53
(15 hours ago)
[2026-07-16 12:29:51.526639] [authz_core:error] [pid 396145:tid 124364099167936] [client 194.5.49.10 ...
show more
[2026-07-16 12:29:51.526639] [authz_core:error] [pid 396145:tid 124364099167936] [client 194.5.49.103:0] AH01630: client denied by server configuration: /var/www/*/ALFA_DATA, referer www.google.com , error_notes:alfa-shell , URI:'/ALFA_DATA/alfacgiapi/perl.alfa'
[2026-07-16 12:29:51.541669] [authz_core:error] [pid 396146:tid 124364225189568] [client 194.5.49.103:0] AH01630: client denied by server configuration: /var/www/*/wp-content/themes/seotheme, referer www.google.com , error_notes:wp:include-files , URI:'/wp-content/themes/seotheme/db.php?u'
[2026-07-16 12:29:51.542864] [authz_core:error] [pid 396145:tid 124364082349760] [client 194.5.49.103:0] AH01630: client denied by server configuration: /var/www/*/wp-plain.php, referer www.google.com , error_notes:missing-php , URI:'/wp-plain.php'
[2026-07-16 12:29:51.545030] [authz_core:error] [pid 396145:tid 124364082349760] [client 194.5.49.103:0] AH01630: client denied by server configuration: /var/www/*/wp-content/plugins/fix , error_notes:wp:include-files , U
show less
Web App Attack
Bad Web Bot
๐ฆ๐บ
paulshipley.com.au
2026-07-16 07:44:50
(16 hours ago)
[Thu Jul 16 17:44:48.667123 2026] [security2:error] [pid 482248] [client 194.5.49.103:63975] [client ...
show more
[Thu Jul 16 17:44:48.667123 2026] [security2:error] [pid 482248] [client 194.5.49.103:63975] [client 194.5.49.103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/wp-plain.php"] [unique_id "aliL8E0Rcj6IeGeuWsiruQAAAAw"], referer: www.google.com
...
show less
Web App Attack
๐ฉ๐ช
ramazan
2026-07-16 06:43:36
(17 hours ago)
Fail2Ban: nginx-4xx | Failures: 10 | Log: /plugins/content/apismtp/apismtp.php?test=hello /sjygjzbd. ...
show more
Fail2Ban: nginx-4xx | Failures: 10 | Log: /plugins/content/apismtp/apismtp.php?test=hello /sjygjzbd.php?Fox=d3wL7 /wp-content/plugins/apikey/apikey.php.suspected?test=hello /wp-content/plugins/apikey/apikey.php?test=hello /wp-content/plugins/fix/up.php
show less
Web App Attack
Hacking
๐ท๐ด
iulianh
2026-07-16 06:21:38
(18 hours ago)
80,443
Brute-Force
SSH
๐ฎ๐ณ
evicky2002
2026-07-16 06:00:00
(18 hours ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
Anonymous
2026-07-16 01:56:03
(22 hours ago)
Automatically blocked after 11 security events. Observed web-shell or malicious-file probes. Source: ...
show more
Automatically blocked after 11 security events. Observed web-shell or malicious-file probes. Source: Cloudflare security controls.
show less
Hacking
Web App Attack
๐ฏ๐ต
S.O.B.A. Dev.
2026-07-16 01:49:12
(22 hours ago)
Web vulnerability scanning
Brute-Force
Web Spam
Web App Attack
๐ฉ๐ช
maxpower
2026-07-16 01:47:59
(22 hours ago)
(backdoor_scan) REGOLA 7 - Backdoor Scan Attempt 194.5.49.103 (DE/Germany/-): 1 in the last 3600 sec ...
show more
(backdoor_scan) REGOLA 7 - Backdoor Scan Attempt 194.5.49.103 (DE/Germany/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 194.5.49.103 - - [16/Jul/2026:03:47:57 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 301 302 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" "194.5.49.103" host=vortici.it
show less
Port Scan
๐ฉ๐ช
Ba-Yu
2026-07-16 01:17:10
(23 hours ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
๐ฆ๐บ
clapper
2026-07-16 01:15:12
(23 hours ago)
(mod_security) mod_security (id:980001) triggered by 194.5.49.103 (DE/Germany/-): 5 in the last 600 ...
show more
(mod_security) mod_security (id:980001) triggered by 194.5.49.103 (DE/Germany/-): 5 in the last 600 secs; ID: rub
show less
Brute-Force
Bad Web Bot
๐ซ๐ฎ
YF
2026-07-16 00:31:01
(1 day ago)
WordPress content enumeration
Web App Attack
๐ฆ๐บ
clapper
2026-07-15 23:20:12
(1 day ago)
(mod_security) mod_security (id:980001) triggered by 194.5.49.103 (DE/Germany/-): 5 in the last 3600 ...
show more
(mod_security) mod_security (id:980001) triggered by 194.5.49.103 (DE/Germany/-): 5 in the last 3600 secs; ID: Clar
show less
Brute-Force
Bad Web Bot