paulshipley.com.au
2025-01-16 19:39:42
(1 month ago)
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:20 +1100] "GET /wp-includes/html-ap ... show more levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:20 +1100] "GET /wp-includes/html-api/cloud.php HTTP/1.1" 404 142267 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:23 +1100] "GET /wp-includes/customize/autoload_classmap.php HTTP/1.1" 404 139730 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:25 +1100] "GET /wp-content/themes/include.php HTTP/1.1" 403 627 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:26 +1100] "GET /addslashes.php HTTP/1.1" 404 139081 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:28 +1100] "GET /ab1ux1ft.php HTTP/1.1" 404 139079 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:31 +1100] "GET /themes.php HTTP/1.1" 404 139072 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:33 +1100] "GET /lock.php HTTP/1.1" 404 139075 "-" "-"
levellapromotions.com.au:443 40.69.78.150 - - [17/Jan/2025:06:39:36 +1100] "GET
... show less
Web App Attack
eddy_ops
2025-01-16 17:32:00
(1 month ago)
WP Admin Scan Activities
Web App Attack
hostseries
2025-01-16 11:59:07
(1 month ago)
Trigger: LF_MODSEC
Brute-Force
rakkor
2025-01-16 11:48:44
(1 month ago)
2025/01/16 11:48:42 [error] 32606#32606: *2330702 FastCGI sent in stderr: "Primary script unknown" w ... show more 2025/01/16 11:48:42 [error] 32606#32606: *2330702 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 40.69.78.150, server: , request: "GET /wp-includes/html-api/cloud.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php-925b669d-80ec-41dd-b8c8-bf5a26d831bf.sock:", host: "rakkor.com"
... show less
Hacking
Brute-Force
Rizzy
2025-01-16 11:17:26
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack
Anonymous
2025-01-16 10:48:54
(1 month ago)
wordpress-trap
Web App Attack
Anonymous
2025-01-16 10:19:40
(1 month ago)
(mod_security) mod_security triggered on hostname [redacted] 40.69.78.150 (IE/Ireland/-)
SQL Injection
Anonymous
2025-01-16 07:45:34
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
octageeks.com
2025-01-16 05:13:05
(1 month ago)
Wordpress malicious attack:[octablocked]
Web App Attack
TPI-Abuse
2025-01-16 01:33:58
(1 month ago)
(mod_security) mod_security (id:240000) triggered by 40.69.78.150 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240000) triggered by 40.69.78.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 20:33:54.741748 2025] [security2:error] [pid 29155:tid 29155] [client 40.69.78.150:6119] [client 40.69.78.150] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||uniquetreasuresshops.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "uniquetreasuresshops.com"] [uri "/images/stories/admin-post.php"] [unique_id "Z4hiAt-cTFo11TEaPfKY8AAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Vegascosmetics
2025-01-15 22:52:15
(1 month ago)
Kingcopy(AI-IDS): IP is wandering around the site and acting suspiciously.
Bad Web Bot
COMAITE
2025-01-15 21:54:10
(1 month ago)
Multiple web server 400 error codes from same source ip 40.69.78.150.
Web App Attack
LRob.fr
2025-01-15 21:30:09
(1 month ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
TPI-Abuse
2025-01-15 20:45:35
(1 month ago)
(mod_security) mod_security (id:240000) triggered by 40.69.78.150 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240000) triggered by 40.69.78.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 15:45:32.054941 2025] [security2:error] [pid 25061:tid 25061] [client 40.69.78.150:4505] [client 40.69.78.150] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||kittencream.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "kittencream.com"] [uri "/images/stories/admin-post.php"] [unique_id "Z4gebFBoGau_GXkm_cxnFgAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
ph
2025-01-15 15:26:56
(1 month ago)
Bad web bot attempting to run wp-includes on non-WP site
Hacking
Bad Web Bot
Web App Attack