๐บ๐ธ
MPL
2025-09-07 19:33:33
(10 months ago)
tcp/58637 (2 or more attempts)
Port Scan
๐ซ๐ท
แดสแด
2025-07-13 03:22:24
(1 year ago)
Triggered Cloudflare WAF (l7ddos) from FR.
ASN: 9009 (M247)
Protocol: HTTP/2 (GET method)
UA: Mozill ...
show more
Triggered Cloudflare WAF (l7ddos) from FR.
ASN: 9009 (M247)
Protocol: HTTP/2 (GET method)
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
DDoS Attack
Bad Web Bot
Anonymous
2024-11-17 08:07:11
(1 year ago)
(mod_security) mod_security triggered on hostname [redacted] 45.89.174.44 (FR/France/-)
SQL Injection
๐บ๐ธ
TPI-Abuse
2024-11-17 02:55:54
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 21:55:46.326717 2024] [security2:error] [pid 888:tid 934] [client 45.89.174.44:13829] [client 45.89.174.44] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ainavelas.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZzlbMsEDig-ortonrXFVuwAAAQg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-17 01:20:56
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-11-16 21:05:19
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 16:05:13.240781 2024] [security2:error] [pid 7215:tid 7215] [client 45.89.174.44:18381] [client 45.89.174.44] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newmooncafe.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZzkJCUDV0byDnCcvcthr7gAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Roderic
2024-11-16 19:11:37
(1 year ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 45.89.174.44 (FR/France/ ...
show more
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 45.89.174.44 (FR/France/-)
show less
Port Scan
Anonymous
2024-11-16 18:44:01
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_APACHE_403
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-11-16 18:24:00
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 13:23:52.605576 2024] [security2:error] [pid 30866:tid 30866] [client 45.89.174.44:61593] [client 45.89.174.44] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.desarrollosdecolima.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZzjjOB6DU8vjeGhjIJ36wgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Apache
2024-11-16 16:50:27
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (FR/France/-): 5 in the last 300 s ...
show more
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (FR/France/-): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
Anonymous
2024-11-16 09:12:02
(1 year ago)
Bot / scanning and/or hacking attempts: done, streams: 0/1/1/0/0 (open/recv/resp/push/rst), GET / HT ...
show more
Bot / scanning and/or hacking attempts: done, streams: 0/1/1/0/0 (open/recv/resp/push/rst), GET / HTTP/1.1, GET /wp-content/plugins/db-backup/download.php?file=..%2F..%2F., GET /wp-content/themes/NativeChurch/download/download.php?file=, GET /wp-config.php.sample HTTP/1.1, GET /wp-config.back HTTP/1.1, GET /wp-content/plugins/wp-filemanager/incl/libfile.php?path=.., GET /wp-content/plugins/wp-hide-security-enhancer/router/file-p, GET /wp-config.phpr HTTP/1.1, GET /wp-config.bk HTTP/1.1, GET /wp-config.new HTTP/1.1, GET /wp-config-backup.txt HTTP/1.1, GET /wp-config-sample.php HTTP/1.1, GET /wp-config.php HTTP/1.1, GET /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=., GET /wp-config.php_copy HTTP/1.1, GET /wp-config.php.disabled HTTP/1.1, GET /wp-content/plugins/google-document-embedder/libs/pdf.php?f, GET /wp-config-sample.php.bak HTTP/1.1, GET /wp-config.php.copy HTTP/1.1, GET /wp-config.php.prod HTTP/1.1, GET /wp-config.phpd HTTP/1.1, GET /wp-config.php3 HTTP/1.1
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-11-16 08:00:06
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 02:59:57.180118 2024] [security2:error] [pid 31628:tid 31628] [client 45.89.174.44:11793] [client 45.89.174.44] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.method1.net"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZzhQ_VDjSpZC2t-O3DAi1AAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-11-16 07:07:56
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 45.89.174.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 02:07:52.755548 2024] [security2:error] [pid 9334:tid 9334] [client 45.89.174.44:31821] [client 45.89.174.44] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "snegenika.co.il"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZzhEyP031yeAzcOA_GthMwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
DumaNet
2024-11-16 06:46:00
(1 year ago)
WordPress (CMS) attack attempts.
Date: 2024 Nov 16. 03:08:18
Source IP: 45.89.174.44
Portion of ...
show more
WordPress (CMS) attack attempts.
Date: 2024 Nov 16. 03:08:18
Source IP: 45.89.174.44
Portion of the log(s):
45.89.174.44 - [16/Nov/2024:03:08:16 +0100] "GET /wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:03:08:16 +0100] "GET /wp-config.phpo HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:03:08:16 +0100] "GET /wp-config. HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:03:08:16 +0100] "GET /wp-content/themes/responsive-visual/includes/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:03:08:16 +0100] "GET /wp-config.php.temp HTTP/1.1" 404 153
show less
Hacking
Web App Attack
๐ญ๐บ
DumaNet
2024-11-16 06:31:00
(1 year ago)
WordPress (CMS) attack attempts.
Date: 2024 Nov 16. 02:57:35
Source IP: 45.89.174.44
Portion of ...
show more
WordPress (CMS) attack attempts.
Date: 2024 Nov 16. 02:57:35
Source IP: 45.89.174.44
Portion of the log(s):
45.89.174.44 - [16/Nov/2024:02:57:32 +0100] "GET /wp-config HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:02:57:32 +0100] "GET /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:02:57:32 +0100] "GET /wp-config.php.org HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:02:57:32 +0100] "GET /wp-config.php.backup HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
45.89.174.44 - [16/Nov/2024:02:57:32 +0100] "GET /wp-config.php1 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/2010
show less
Hacking
Web App Attack