๐บ๐ธ
TPI-Abuse
2024-02-28 18:08:54
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 49.13.17.104 (static.104.17.13.49.clients.your- ...
show more
(mod_security) mod_security (id:225170) triggered by 49.13.17.104 (static.104.17.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 28 13:08:46.838042 2024] [security2:error] [pid 30109] [client 49.13.17.104:54542] [client 49.13.17.104] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||local639.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "local639.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zd92rpfGZ_9PV4ld8dW09wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
dwmp
2024-02-28 03:54:10
(2 years ago)
[Wed Feb 28 04:54:07.299056 2024] [authz_core:error] [pid 2673129:tid 140451185153792] [client 49.13 ...
show more
[Wed Feb 28 04:54:07.299056 2024] [authz_core:error] [pid 2673129:tid 140451185153792] [client 49.13.17.104:55313] AH01630: client denied by server configuration: /var/www/vhosts/it-group.it/httpdocs/wp-content/plugins/rencontre
[Wed Feb 28 04:54:07.955175 2024] [authz_core:error] [pid 2673129:tid 140450430170880] [client 49.13.17.104:61502] AH01630: client denied by server configuration: /var/www/vhosts/it-group.it/httpdocs/wp-content/plugins/login-as-customer-or-user
[Wed Feb 28 04:54:08.638541 2024] [authz_core:error] [pid 2673084:tid 140451833612032] [client 49.13.17.104:63641] AH01630: client denied by server configuration: /var/www/vhosts/it-group.it/httpdocs/wp-content/plugins/post-smtp
[Wed Feb 28 04:54:09.329474 2024] [authz_core:error] [pid 2673129:tid 140451159975680] [client 49.13.17.104:51348] AH01630: client denied by server configuration: /var/www/vhosts/it-group.it/httpdocs/wp-content/plugins/ai-engine
[Wed Feb 28 04:54:09.966776 2024] [authz_core:error] [pid 2673084:ti
...
show less
Brute-Force
๐ฉ๐ช
sverson
2024-02-27 22:13:40
(2 years ago)
Automated report / Unauthorized connection attempt
Hacking
Brute-Force
๐ฆ๐บ
weblite
2024-02-27 15:37:26
(2 years ago)
WP_SCANNING
Web App Attack
๐ณ๐ฑ
i-turnradio.nl
2024-02-24 00:52:37
(2 years ago)
2024-02-24 @ 01:52:37 (CET) ~ Blocked for trying to access: /erker/wp/wp-login.php
Web App Attack
๐ฆ๐บ
MAGIC
2024-02-20 16:09:02
(2 years ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐ช๐ธ
10dencehispahard SL
2024-02-20 15:02:05
(2 years ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
๐ฆ๐บ
advena
2024-02-17 00:31:05
(2 years ago)
49.13.17.104 (AS24940 HETZNER-AS) was intercepted at 2024-02-17T00:17:17Z after violating WAF direct ...
show more
49.13.17.104 (AS24940 HETZNER-AS) was intercepted at 2024-02-17T00:17:17Z after violating WAF directive: bot_fight_mode. Pre-cautionary/corrective action applied: managed_challenge.
show less
Web Spam
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
myagent.site
2024-02-16 22:04:59
(2 years ago)
Blocked user enumeration attempt
Hacking
๐ฆ๐บ
paulshipley.com.au
2024-02-16 20:02:24
(2 years ago)
angleseaarthouse.com.au:443 49.13.17.104 - - [17/Feb/2024:06:58:20 +1100] "GET //xmlrpc.php?rsd HTTP ...
show more
angleseaarthouse.com.au:443 49.13.17.104 - - [17/Feb/2024:06:58:20 +1100] "GET //xmlrpc.php?rsd HTTP/1.1" 403 682 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
angleseaarthouse.com.au:443 49.13.17.104 - - [17/Feb/2024:06:58:21 +1100] "GET //?author=1 HTTP/1.1" 500 3162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
angleseaarthouse.com.au:443 49.13.17.104 - - [17/Feb/2024:06:58:22 +1100] "GET //?author=2 HTTP/1.1" 500 7601 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
angleseaarthouse.com.au:443 49.13.17.104 - - [17/Feb/2024:06:58:24 +1100] "GET //?author=3 HTTP/1.1" 500 7601 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
angleseaarthouse.com.au:443 49.13.17.104 - - [17/Feb/2024:06:58:25 +
...
show less
Web App Attack
๐บ๐ธ
mawan
2024-02-16 19:29:38
(2 years ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ฉ๐ช
Jaime
2024-02-13 22:37:00
(2 years ago)
[13/Feb/2024:23:37:32 +0100] "GET /wp-content/plugins/wp-automatic/css/wp-automatic ..." UA "Mozilla ...
show more
[13/Feb/2024:23:37:32 +0100] "GET /wp-content/plugins/wp-automatic/css/wp-automatic ..." UA "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Web Spam
๐บ๐ธ
mawan
2024-02-12 21:09:56
(2 years ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ฌ๐ง
Mendip_Defender
2024-02-09 18:48:50
(2 years ago)
49.13.17.104 - - [09/Feb/2024:18:48:57 +0000] "GET /wp-content/plugins/bertha-ai-free/readme.txt HTT ...
show more
49.13.17.104 - - [09/Feb/2024:18:48:57 +0000] "GET /wp-content/plugins/bertha-ai-free/readme.txt HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Linux; Android 11; ONEPLUS A6013) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.143 Mobile Safari/537.36"
49.13.17.104 - - [09/Feb/2024:18:48:58 +0000] "GET /wp-content/plugins/rencontre/readme.txt HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
...
show less
Hacking
Web App Attack
๐ฌ๐ง
rakkor
2024-02-09 17:45:46
(2 years ago)
2024-02-09T17:45:45+00:00 NAS [Fri Feb 09 17:45:45.659057 2024] [proxy_fcgi:error] [pid 25095:tid 14 ...
show more
2024-02-09T17:45:45+00:00 NAS [Fri Feb 09 17:45:45.659057 2024] [proxy_fcgi:error] [pid 25095:tid 140480729839296] [client 49.13.17.104:33360] AH01071: Got error 'Primary script unknown'
...
show less
Hacking
Brute-Force