Mendip_Defender
2024-10-24 14:15:53
(1 month ago)
82.180.145.186 - - [24/Oct/2024:15:15:52 +0100] "GET /wp-content/plugins/apikey/apikey.php?test=hello HTTP/1.0" 404 42720 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [24/Oct/2024:15:15:53 +0100] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.0" 404 42720 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Hacking
Web App Attack
sthoyer.de
2024-10-24 10:42:48
(1 month ago)
82.180.145.186 - - [24/Oct/2024:12:42:47 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 302 794 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [24/Oct/2024:12:42:47 +0200] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 1249 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Web App Attack
Major Hostility
2024-10-24 10:19:10
(1 month ago)
"GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404
"GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404
"POST /ALFA_DATA/alfacgiapi/perl.alfa HTTP/1.1" 404
"POST /wp-plain.php HTTP/1.1" 404
"POST /alfacgiapi/perl.alfa HTTP/1.1" 404
"GET /oikhwded.php?Fox=d3wL7 HTTP/1.1" 404
Web App Attack
0xffffffff
2024-10-24 09:14:01
(1 month ago)
[2024-10-24 12:13:58.846937] [authz_core:error] [pid 2726497:tid 128466833901248] [client 82.180.145.186:0] AH01630: client denied by server configuration: /var/www/*/wp-plain.php, referer www.google.com , error_notes:missing-php , URI:'/wp-plain.php'
[2024-10-24 12:13:58.861677] [authz_core:error] [pid 2726496:tid 128466750015168] [client 82.180.145.186:0] AH01630: client denied by server configuration: /var/www/*/ALFA_DATA, referer www.google.com , error_notes:alfa-shell , URI:'/ALFA_DATA/alfacgiapi/perl.alfa'
[2024-10-24 12:13:58.861677] [authz_core:error] [pid 2726496:tid 128466750015168] [client 82.180.145.186:0] AH01630: client denied by server configuration: /var/www/*/ALFA_DATA, referer www.google.com , error_notes:alfa-shell , URI:'/ALFA_DATA/alfacgiapi/perl.alfa'
[2024-10-24 12:13:59.655164] [authz_core:error] [pid 2726496:tid 128466991187648] [client 82.180.145.186:0] AH01630: client denied by server configuration: /var/www/*/alfacgiapi, referer www.google.com , error_notes:alfa-shell , URI:'/alfac
Bad Web Bot
Web App Attack
el-brujo
2024-10-24 09:11:17
(1 month ago)
24/Oct/2024:11:11:16.827107 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 82.180.145.186] ModSecurity: Warning. Pattern match "(?:^|=)\\\\\\\\s*(?:{|\\\\\\\\s*\\\\\\\\(\\\\\\\\s*|\\\\\\\\w+=(?:[^\\\\\\\\s]*|\\\\\\\\$.*|\\\\\\\\$.*|<.*|>.*|\\\\\\\\'.*\\\\\\\\'|\\\\".*\\\\")\\\\\\\\s+|!\\\\\\\\s*|\\\\\\\\$)*\\\\\\\\s*(?:'|\\\\")*(?:[\\\\\\\\?\\\\\\\\*\\\\\\\\[\\\\\\\\]\\\\\\\\(\\\\\\\\)\\\\\\\\-\\\\\\\\|+\\\\\\\\w'\\\\"\\\\\\\\./\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\'\\\\"]*(?:l[\\\\\\\\\\\\\\\\'\\\\"]*(?:s(?:[\\\\\\\\\\\\\\\\'\\\\"]*(?:b[\\\\\\\\\\\\\\\\'\\\\"]*_[\\\\\\\\\\\\\\\\'\\\\"]*r[\\\\\\\\\\\\\\\\'\\\\"]*e[\\\\\\\\\\\\\\\\'\\\\"]*l[\\\\\\\\\\\\\\\\' ..." at REQUEST_COOKIES:g. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "464"] [id "932150"] [msg "Remote Command Execution: Direct Unix Command Execution"] [data "Matched Data: echo found within REQUEST_COOKIES:g: echo Sp3ctra"] [severity "CRITICAL"] [ver
Hacking
Web App Attack
LRob.fr
2024-10-24 09:00:10
(1 month ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
thefoofighter
2024-10-24 08:37:20
(1 month ago)
[Thu Oct 24 08:37:19.425703 2024] [:error] [pid 3127555] [client 82.180.145.186:58139] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "aislingmcnally.com"] [uri "/wp-plain.php"] [unique_id "ZxoHPzWZ1U0DH6SWnEe4AgAAAAw"], referer: www.google.com
[Thu Oct 24 08:37:19.748231 2024] [:error] [pid 3127555] [client 82.180.145.186:58139] [client 82.180.145.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [sev
Bad Web Bot
Web App Attack
penjaga BRIN
2024-10-24 07:39:06
(1 month ago)
Multiple BOT Scanning Attack Detected from same source ip.-111
Web App Attack
el-brujo
2024-10-24 07:36:53
(1 month ago)
Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 Action: block Source: firewallManaged ASN Description: CAPL-AS-AP Contabo Asia Private Limited Country: IN Method: GET Timestamp: 2024-10-24T07:36:53Z ruleId: 0242110ae62e44028a13bf4834780914. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
Hacking
SQL Injection
Web App Attack
gu-alvareza
2024-10-24 07:05:34
(1 month ago)
ALFA.TEaM.Web.Shell
Hacking
LTM
2024-10-24 06:20:02
(1 month ago)
WebServer - Attempts to exploit
Hacking
Brute-Force
Web App Attack
mw
2024-10-24 06:11:40
(1 month ago)
82.180.145.186 - - [24/Oct/2024:01:11:38 -0500] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 564 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [24/Oct/2024:01:11:38 -0500] "GET / HTTP/1.1" 403 17034 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [24/Oct/2024:01:11:39 -0500] "POST /wp-plain.php HTTP/1.1" 404 564 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
82.180.145.186 - - [24/Oct/2024:01:11:39 -0500] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 564 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Ver
Bad Web Bot
Web App Attack
Anonymous
2024-10-24 04:31:54
(1 month ago)
Automated report (2024-10-24T04:31:54+00:00). User agent cited by various attack tools, rootkits, backdoors, webshells, and malware detected.
Open Proxy
Hacking
Bad Web Bot
Exploited Host
Web App Attack
paulshipley.com.au
2024-10-24 03:38:59
(1 month ago)
shotbysuzanne.com.au:443 82.180.145.186 - - [24/Oct/2024:14:38:53 +1100] "POST /wp-plain.php HTTP/1.1" 403 3988 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
shotbysuzanne.com.au:443 82.180.145.186 - - [24/Oct/2024:14:38:53 +1100] "GET /rfgfhspf.php?Fox=d3wL7 HTTP/1.1" 403 675 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
shotbysuzanne.com.au:443 82.180.145.186 - - [24/Oct/2024:14:38:53 +1100] "POST /ALFA_DATA/alfacgiapi/perl.alfa HTTP/1.1" 404 51883 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
shotbysuzanne.com.au:443 82.180.145.186 - - [24/Oct/2024:14:38:54 +1100] "GET /wp-content/themes/seotheme/db.php?u HTTP/1
Web App Attack
MarkGGN
2024-10-24 02:06:01
(1 month ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent
Bad Web Bot
Web App Attack