πΊπΈ
TPI-Abuse
2026-06-29 15:27:57
(2 minutes ago)
(mod_security) mod_security (id:210492) triggered by 20.89.140.149 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.89.140.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 11:27:51.892901 2026] [security2:error] [pid 4988:tid 4988] [client 20.89.140.149:56993] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thescarfcompany.com"] [uri "/wp-config.php"] [unique_id "akKO91v3EJUoa980ZpPeSAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
raph
2026-06-29 15:19:44
(11 minutes ago)
[Wordpress] crawler /wp-admin/*, /wp-content/*, etc.
Bad Web Bot
Web App Attack
πΊπΈ
doll.gl
2026-06-29 15:18:21
(12 minutes ago)
20.89.140.149 - - [29/Jun/2026:15:18:19 +0000] "GET /wp-includes/block-supports/ HTTP/1.1" 200 280 " ...
show more
20.89.140.149 - - [29/Jun/2026:15:18:19 +0000] "GET /wp-includes/block-supports/ HTTP/1.1" 200 280 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
π§π·
Halux
2026-06-29 15:16:58
(13 minutes ago)
20.89.140.149 Probing protected path or service
Web App Attack
π¬π·
setupgr
2026-06-29 15:15:28
(15 minutes ago)
(mod_security) mod_security (id:1000001) triggered by 20.89.140.149 (JP/Japan/Tokyo/Shibuya City/-/[ ...
show more
(mod_security) mod_security (id:1000001) triggered by 20.89.140.149 (JP/Japan/Tokyo/Shibuya City/-/[AS8075 MICROSOFT-CORP-MSN-AS-BLOCK]): 1 in the last 86400 secs (CF_ENABLE); Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Jun 29 18:15:27.836553 2026] [security2:error] [pid 2346969:tid 2347084] [client 20.89.140.149:3817] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-content/admin.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "103"] [id "1000001"] [msg "Bad file blocked: /wp-content/admin.php"] [severity "CRITICAL"] [tag "security"] [hostname "gyrosplace.gr"] [uri "/wp-content/admin.php"] [unique_id "akKMDy3y10eOxgima16NaQAABUY"]
show less
Port Scan
π§πΎ
lns.bz
2026-06-29 15:13:42
(17 minutes ago)
Too many 404 requests [BY]
Web App Attack
π§πͺ
voormedia
2026-06-29 15:13:16
(17 minutes ago)
Accessed trap at '/admin.php'
Web App Attack
π·π΄
INTEQ
2026-06-29 15:09:05
(21 minutes ago)
Web attack from 20.89.140.149
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 15:01:40
(29 minutes ago)
(mod_security) mod_security (id:210492) triggered by 20.89.140.149 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 20.89.140.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 11:01:33.197445 2026] [security2:error] [pid 12407:tid 12428] [client 20.89.140.149:3636] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "munatseng.org"] [uri "/wp-config.php"] [unique_id "akKIzcsU2mBCkSM_R9WYrAAAARM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2026-06-29 15:01:30
(29 minutes ago)
(caddyscan) Scanner path probe from 20.89.140.149 (JP/Japan/-): 5 in the last 3600 secs; Ports: *; D ...
show more
(caddyscan) Scanner path probe from 20.89.140.149 (JP/Japan/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.89.140.149 - - [29/Jun/2026:15:00:05 +0000] "GET /xmlrpc.php HTTP/1.1"
[REDACTED] 200 2627 20.89.140.149 - - [29/Jun/2026:15:01:09 +0000] "GET /wp-config.php HTTP/1.1"
[REDACTED] 200 2627 20.89.140.149 - - [29/Jun/2026:15:01:13 +0000] "GET /wp-admin/js/autoload_classmap.php HTTP/1.1"
[REDACTED] 200 2627 20.89.140.149 - - [29/Jun/2026:15:01:20 +0000] "GET /wp-admin/css/colors/blue/admin.php HTTP/1.1"
[REDACTED] 200 2627 20.89.140.149 - - [29/Jun/2026:15:01:26 +0000] "GET /wp-admin/user/index.php HTTP/1.1"
show less
Port Scan
π©πͺ
ghostwarriors
2026-06-29 14:50:23
(40 minutes ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
π¨π
backslash
2026-06-29 14:48:00
(42 minutes ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
π³π±
i-turnradio.nl
2026-06-29 14:46:16
(44 minutes ago)
2026-06-29 @ 16:46:15 (CET) ~ Blocked for trying to access: /wp-content/plugins/hellopress/wp_filema ...
show more
2026-06-29 @ 16:46:15 (CET) ~ Blocked for trying to access: /wp-content/plugins/hellopress/wp_filemanager.php
show less
Web App Attack
π³πΏ
Tripwire
2026-06-29 14:45:17
(45 minutes ago)
Scanning for exploits - /wp-content/plugins/hellopress/wp_filemanager.php
Hacking
Web App Attack
π©πͺ
LRob.fr
2026-06-29 14:45:03
(45 minutes ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot