Anonymous
2024-10-06 04:42:47
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
stypr
2024-10-06 02:04:02
(1 month ago)
Malicious activity detected on HTTP/HTTPS
Hacking
Brute-Force
Web App Attack
Anonymous
2024-10-06 01:35:49
(1 month ago)
wordpress-trap
Web App Attack
Ba-Yu
2024-10-05 20:30:10
(2 months ago)
WordPress hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
paulshipley.com.au
2024-10-05 19:49:43
(2 months ago)
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:30 +1100] "GET /wp-configs.php HTTP/1. ... show more stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:30 +1100] "GET /wp-configs.php HTTP/1.1" 404 48202 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:32 +1100] "GET /simple.php HTTP/1.1" 404 45472 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:33 +1100] "GET /themes.php HTTP/1.1" 404 45301 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:34 +1100] "GET /ini.php HTTP/1.1" 404 45290 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:35 +1100] "GET /autoload_classmap.php HTTP/1.1" 404 45323 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:37 +1100] "GET /as.php HTTP/1.1" 404 45293 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:38 +1100] "GET /admin/upload/css.php HTTP/1.1" 404 45323 "-" "-"
stkildashule.org.au:443 52.178.139.208 - - [06/Oct/2024:06:49:39 +1100] "GET /.well-known/pki-validation/afnew.php HTTP/1.1" 404 45355 "-" "-"
stkildashule.org.au:
... show less
Web App Attack
Anonymous
2024-10-05 18:14:14
(2 months ago)
wordpress-trap
Web App Attack
URAN Publishing Service
2024-10-03 04:49:48
(2 months ago)
52.178.139.208 - - [03/Oct/2024:07:49:44 +0300] "GET /wp-content/themes/sketch/404.php HTTP/1.1" 404 ... show more 52.178.139.208 - - [03/Oct/2024:07:49:44 +0300] "GET /wp-content/themes/sketch/404.php HTTP/1.1" 404 196 "-" "-"
... show less
Web App Attack
beehivecybersec
2024-10-03 03:03:22
(2 months ago)
Malicious activity detected from 8075 MICROSOFT-CORP-MSN-AS-BLOCK towards host beehive.systems (GET ... show more Malicious activity detected from 8075 MICROSOFT-CORP-MSN-AS-BLOCK towards host beehive.systems (GET HTTP/1.1) @ 2024-10-03T03:03:22Z show less
Open Proxy
VPN IP
Port Scan
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
TPI-Abuse
2024-10-03 02:31:46
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 52.178.139.208 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.178.139.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 02 22:31:43.157090 2024] [security2:error] [pid 26805:tid 26805] [client 52.178.139.208:10177] [client 52.178.139.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "unionega.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zv4CD9njpNtVFpSjjLlG_wAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
Burayot
2024-10-03 01:31:09
(2 months ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.178.139.208 (IE/Ireland/-): 2 in ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.178.139.208 (IE/Ireland/-): 2 in the last 3600 secs show less
Web App Attack
TPI-Abuse
2024-10-03 00:21:51
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 52.178.139.208 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.178.139.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 02 20:21:43.693019 2024] [security2:error] [pid 17510:tid 17510] [client 52.178.139.208:3838] [client 52.178.139.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sanesoftware.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zv3jl-vsqjvT3tzIdKZBHwAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-03 00:01:37
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
sernate
2024-10-03 00:00:29
(2 months ago)
(404blocker) 404 trigger 52.178.139.208 (IE/Ireland/-): 80 in the last 3600 secs; Ports: *; Directio ... show more (404blocker) 404 trigger 52.178.139.208 (IE/Ireland/-): 80 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER show less
Brute-Force
TPI-Abuse
2024-10-02 23:49:45
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 52.178.139.208 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.178.139.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 02 19:49:37.225121 2024] [security2:error] [pid 9289:tid 9289] [client 52.178.139.208:10226] [client 52.178.139.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ladymcollection.com"] [uri "/.well-known/pki-validation/wp-config.php"] [unique_id "Zv3cEdaWLnI2-fk68rBrrAAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-10-02 23:41:52
(2 months ago)
52.178.139.208 - - [03/Oct/2024:02:41:51 +0300] "GET /wp-content/themes/sketch/404.php HTTP/1.1" 404 ... show more 52.178.139.208 - - [03/Oct/2024:02:41:51 +0300] "GET /wp-content/themes/sketch/404.php HTTP/1.1" 404 196 "-" "-"
... show less
Web App Attack