Mehmet_The_Script_Kiddie
2024-09-03 07:04:14
(1 week ago)
GET /wp-content/plugins/wp-catcher/index.php HTTP/1.1
Hacking
Bad Web Bot
Dolutech.com
2024-08-13 21:50:00
(3 weeks ago)
- Blocked due to mod_security rule 6
Brute-Force
SSH
el-brujo
2024-08-10 01:28:24
(1 month ago)
10/Aug/2024:03:28:24.507346 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 34.32.19.195] ModSecurity: Warning. Matched phrase "base64_decode" at REQUEST_COOKIES:14[54]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: base64_decode found within REQUEST_COOKIES:14[54]: base64_decode"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "www.hostench.eu"] [uri "/wp-content/plugins/wp-catcher/index.php"] [unique_id "ZrbCOLF9m4wjpqfkz3VT8gACbj0"]
Hacking
Web App Attack
spyra.rocks
2024-08-10 01:05:12
(1 month ago)
ModSecurity
Web App Attack
URAN Publishing Service
2024-08-09 23:00:31
(1 month ago)
34.32.19.195 - - [10/Aug/2024:02:00:31 +0300] "GET /wp-content/plugins/wp-catcher/index.php HTTP/1.1" 404 280 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Web App Attack
camara.leg.br
2024-08-09 21:24:11
(1 month ago)
Fake User-Agent Usage
Web App Attack
mawan
2024-08-09 19:47:58
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2024-08-09 19:09:02
(1 month ago)
WordPress plugin direct access attempt:
34.32.19.195 - - [09/Aug/2024:20:09:02 +0100] "GET /wp-content/plugins/wp-catcher/index.php HTTP/1.1" 200 234 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112."
Hacking
Web App Attack
URAN Publishing Service
2024-08-09 16:56:53
(1 month ago)
34.32.19.195 - - [09/Aug/2024:19:56:52 +0300] "GET /wp-content/plugins/wp-catcher/index.php HTTP/1.1" 404 2675 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Web App Attack
Mendip_Defender
2024-08-09 14:34:48
(1 month ago)
[09/Aug/2024:15:34:41.852416 +0100] ZrYpATgAoFH9d2bHXouctgAAAAM 34.32.19.195 34456 188.246.206.60 7080
[09/Aug/2024:15:34:51.414834 +0100] ZrYpCzuH2iGocSiIP05GigAAAEA 34.32.19.195 59864 188.246.206.60 7081
Brute-Force
london2038.com
2024-08-09 12:48:03
(1 month ago)
Probing for exploits
34.32.19.195 - - [09/Aug/2024:14:47:38 +0200] "GET /wp-content/plugins/wp-catcher/index.php HTTP/1.1" 204 0 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
34.32.19.195 - - [09/Aug/2024:14:47:59 +0200] "GET /wp-content/plugins/wp-catcher/index.php HTTP/1.1" 204 0 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Hacking
Web App Attack
el-brujo
2024-08-09 12:11:11
(1 month ago)
09/Aug/2024:14:11:10.386616 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 34.32.19.195] ModSecurity: Warning. Matched phrase "base64_decode" at REQUEST_COOKIES:14[54]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "295"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: base64_decode found within REQUEST_COOKIES:14[54]: base64_decode"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "hostench.eu"] [uri "/wp-content/plugins/wp-catcher/index.php"] [unique_id "ZrYHXrF9m4wjpqfkz3WdrgACSTM"]
Hacking
Web App Attack
MAGIC
2024-08-09 12:01:27
(1 month ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Milky
2024-08-09 04:51:26
(1 month ago)
1× attempts to log on to WP. However, we do not use WP. Last visit 2024-08-08 14:43:02
Web Spam
Bad Web Bot
Web App Attack
nextweb
2024-08-09 01:26:59
(1 month ago)
(mod_security) mod_security (id:211230) triggered by 34.32.19.195 (DE/Germany/Land Berlin/Berlin/195.19.32.34.bc.googleusercontent.com/[AS396982 GOOGLE-CLOUD-PLATFORM]): 5 in the last 3600 secs (CF_ENABLE)
Brute-Force