taivas.nl
2024-08-10 13:02:02
(1 month ago)
Wordpress_Attack
Web App Attack
Anonymous
2024-08-10 12:51:40
(1 month ago)
suspicious behavior
Brute-Force
Bad Web Bot
Web App Attack
archiv-pm
2024-08-10 11:31:07
(1 month ago)
Probing for resource vulnerabilities HTTP(S)
Web App Attack
TPI-Abuse
2024-08-10 10:20:31
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 06:20:24.676498 2024] [security2:error] [pid 11435:tid 11435] [client 52.47.118.156:53349] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "applemaccomputerconsulting.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "Zrc-6FBP1wZaMX7mirwtQgAAAAQ"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
4server
2024-08-10 06:12:33
(1 month ago)
[SatAug1008:12:12.5360962024][security2:error][pid3563399:tid3563454][client52.47.118.156:0][client5 ... show more [SatAug1008:12:12.5360962024][security2:error][pid3563399:tid3563454][client52.47.118.156:0][client52.47.118.156]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp_is_mobile\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"72\"][id\"337741\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AccessPressThemesbackdoorblocked\"][severity\"CRITICAL\"][hostname\"allegraravizza.it\"][uri\"/wp-load.php\"][unique_id\"ZrcEvGTfAcu1Vue0NDsndgAAABg\"]\,referer:www.bing.com[SatAug1008:12:13.8317882024][security2:error][pid3563399:tid3563454][client52.47.118.156:0][client52.47.118.156]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp_is_mobile\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"72\"][id\"337741\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AccessPressThemesbackdoorblocked\"][severity\"CRITICAL\"][hostname\"www.allegraravizza.it\"][uri\"/wp-load.php\"][unique_id\"ZrcEvWTfAcu1Vue0NDsndwAAABg\"]\,refe show less
Port Scan
Brute-Force
Web App Attack
TPI-Abuse
2024-08-10 05:41:18
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 01:41:14.466841 2024] [security2:error] [pid 3770:tid 3848] [client 52.47.118.156:60292] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amphoracollectors.org"] [uri "/wp-includes/css/wp-config.php"] [unique_id "Zrb9ejspcUylmuSxV10IvwAAAAY"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-08-10 03:05:16
(1 month ago)
Too many Status 40X (59)
Request Overload (148)
Brute-Force
Web App Attack
TPI-Abuse
2024-08-10 02:37:30
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 22:37:25.333769 2024] [security2:error] [pid 27286:tid 27286] [client 52.47.118.156:62943] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arsndetx.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "ZrbSZWf1rEHQjsSe7agxsgAAAAA"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-10 01:38:26
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 21:38:19.919496 2024] [security2:error] [pid 10060:tid 10060] [client 52.47.118.156:53217] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alsetsystems.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "ZrbEi-u1uKAGPDd_lz1RhAAAAAU"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-10 00:50:43
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 20:50:36.590186 2024] [security2:error] [pid 988165:tid 988165] [client 52.47.118.156:51117] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amp712.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "Zra5XDqHT6i5rwQ3XKNevgAAAAo"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 21:46:59
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 17:46:54.606886 2024] [security2:error] [pid 17813:tid 17813] [client 52.47.118.156:57075] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanacademyofteachersofsinging.org"] [uri "/wp-includes/css/wp-config.php"] [unique_id "ZraOTjgaNpfBKnaYoWzUKQAAAAs"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
maxxsense
2024-08-09 20:51:09
(1 month ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 52.47.118.156 (FR/France ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 52.47.118.156 (FR/France/ec2-52-47-118-156.eu-west-3.compute.amazonaws.com) show less
Port Scan
TPI-Abuse
2024-08-09 19:49:29
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 15:49:23.696074 2024] [security2:error] [pid 24323:tid 24323] [client 52.47.118.156:60177] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arellasoc.com"] [uri "/wp-includes/css/wp-config.php"] [unique_id "ZrZyw-TuTy55bRknorUmLAAAAAA"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 19:02:39
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.comp ... show more (mod_security) mod_security (id:210492) triggered by 52.47.118.156 (ec2-52-47-118-156.eu-west-3.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 15:02:34.806506 2024] [security2:error] [pid 25335:tid 25335] [client 52.47.118.156:49347] [client 52.47.118.156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alpipac.org"] [uri "/wp-includes/css/wp-config.php"] [unique_id "ZrZnyp75azqzdGhMJwvQXQAAAAE"], referer: www.bing.com show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-09 18:49:57
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CXS
Brute-Force
SSH