Brent Wadleigh
2025-01-09 17:49:18
(3 days ago)
IP attempted SSH bruteforce on port 22. Detected and banned by CrowdSec.
Brute-Force
SSH
spyra.rocks
2025-01-09 00:02:28
(4 days ago)
WordPress
Web App Attack
rafled
2025-01-08 14:21:31
(4 days ago)
Attempt to scan and scrape for env files and/or files that expose the web app version
Bad Web Bot
MarkGGN
2025-01-08 12:12:24
(4 days ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-admin-interface-probing
Hacking
Web App Attack
archiv-pm
2025-01-07 21:28:54
(5 days ago)
Probing for resource vulnerabilities HTTP(S)
Web App Attack
Anonymous
2025-01-07 17:56:15
(5 days ago)
Scenario: crowdsecurity/http-admin-interface-probing
Hacking
sweplox.se
2025-01-07 16:18:33
(5 days ago)
45.138.16.85 - - [07/Jan/2025:16:18:31 +0000] "GET /wp-admin/install.php?step=1 HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36"
45.138.16.85 - - [07/Jan/2025:16:18:33 +0000] "GET /wp-admin/setup-config.php?step=1 HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:117.0) Gecko/20100101 Firefox/117.0"
45.138.16.85 - - [07/Jan/2025:16:18:33 +0000] "GET /wordpress/wp-admin/install.php?step=1 HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:117.0) Gecko/20100101 Firefox/117.0"
45.138.16.85 - - [07/Jan/2025:16:18:33 +0000] "GET /wordpress/wp-admin/setup-config.php?step=1 HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36"
45.138.16.85 - - [07/Jan/2025:16:18:33 +0000] "GET /wp/wp-admin/install.php?step=1 HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:117.0
Bad Web Bot
SSH
mirekdusin
2025-01-07 10:25:57
(5 days ago)
Access Violation Attempts - Multiple 403 Forbidden responses for requests from 45.138.16.85.
Hacking
Bad Web Bot
Web App Attack
eminovic.ba
2025-01-07 07:46:39
(5 days ago)
BRUTE FORCE: Excessive 404 hits
...
Hacking
Brute-Force
Web App Attack
jkhorvath.com
2025-01-06 17:50:50
(6 days ago)
Request for URL /license.txt
Phishing
Brute-Force
Web App Attack
nfsec.pl
2025-01-06 17:32:29
(6 days ago)
45.138.16.85 - - [06/Jan/2025:18:32:28 +0100] "GET /license.txt HTTP/1.1" 404 30325 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
45.138.16.85 - - [06/Jan/2025:18:32:28 +0100] "GET /readme.html HTTP/1.1" 404 30192 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.60"
45.138.16.85 - - [06/Jan/2025:18:32:29 +0100] "GET /wp-admin/install.php?step=1 HTTP/1.1" 403 2318 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
45.138.16.85 - - [06/Jan/2025:18:32:29 +0100] "GET /wp-admin/setup-config.php?step=1 HTTP/1.1" 403 2287 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:117.0) Gecko/20100101 Firefox/117.0"
45.138.16.85 - - [06/Jan/2025:18:32:29 +0100] "GET /wordpress/wp-admin/install.php?step=1 HTTP/1.1" 404 24777 "-" "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/53
Exploited Host
Web App Attack
MSZ
2025-01-06 08:16:02
(6 days ago)
Blocked by Fail2Ban (plesk-apache)
Hacking
Brute-Force
Web App Attack
Xuan Can
2025-01-06 01:59:42
(1 week ago)
(mod_security) mod_security (id:20000222) triggered by 45.138.16.85 (PL/Poland/45.138.16.85.powered.by.rdp.sh): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 06 08:59:34.416850 2025] [security2:error] [pid 17332:tid 17381] [client 45.138.16.85:64114] [client 45.138.16.85] ModSecurity: Access denied with connection close (phase 2). Pattern match "wp-admin" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "46"] [id "20000222"] [severity "CRITICAL"] [hostname "registrylock.vn"] [uri "/wp-admin/install.php"] [unique_id "Z3s5BhOt3qY_p1bjYnMXLgAAAFU"]
Brute-Force
SSH
Xuan Can
2025-01-06 01:11:51
(1 week ago)
(mod_security) mod_security (id:20000222) triggered by 45.138.16.85 (PL/Poland/45.138.16.85.powered.by.rdp.sh): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 06 08:11:43.009821 2025] [security2:error] [pid 21503:tid 21546] [client 45.138.16.85:60806] [client 45.138.16.85] ModSecurity: Access denied with connection close (phase 2). Pattern match "wp-admin" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "46"] [id "20000222"] [severity "CRITICAL"] [hostname "pavietnam.com.vn"] [uri "/wp-admin/install.php"] [unique_id "Z3stzwAVwmUHz_m8SnxjowAAAVA"]
Brute-Force
SSH
archiv-pm
2025-01-05 21:05:31
(1 week ago)
Probing for resource vulnerabilities HTTP(S)
Web App Attack