Anonymous
2025-01-15 19:16:19
(6 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2025-01-15 14:36:57
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 104.167.27.178 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.167.27.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 09:36:51.517015 2025] [security2:error] [pid 25476:tid 25476] [client 104.167.27.178:51509] [client 104.167.27.178] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tekbit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tekbit.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4fIA4gB1FDkKEqGrjYxigAAAAE"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
Jean Valjean
2024-12-31 18:07:00
(3 weeks ago)
Fail2ban Caboom : wp-login.php Bruteforce
Brute-Force
Web App Attack
Anonymous
2024-12-30 08:13:25
(3 weeks ago)
Attempted brute force login to web vpn 8 time(s); last attempt for 2024.12.30 is noted in report tim ... show more Attempted brute force login to web vpn 8 time(s); last attempt for 2024.12.30 is noted in report timestamp show less
Hacking
Brute-Force
Anonymous
2024-12-29 23:07:22
(3 weeks ago)
Attempted brute force login to web vpn 3 time(s); last attempt for 2024.12.29 is noted in report tim ... show more Attempted brute force login to web vpn 3 time(s); last attempt for 2024.12.29 is noted in report timestamp show less
Hacking
Brute-Force
Anonymous
2024-12-18 07:23:46
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
SilverZippo
2024-12-14 16:06:26
(1 month ago)
Web App Attack
Web App Attack
wil.com
2024-12-12 18:44:14
(1 month ago)
GlobalProtect login attempts with user nramirez.
VPN IP
Brute-Force
TPI-Abuse
2024-12-11 10:42:47
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 104.167.27.178 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.167.27.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 05:42:44.065932 2024] [security2:error] [pid 31045:tid 31045] [client 104.167.27.178:23405] [client 104.167.27.178] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||newlife.org.au|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "newlife.org.au"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1lspN9-3sxTPqNxTgnmrwAAABA"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
mmajdecki
2024-11-20 09:36:40
(2 months ago)
"Failed VPN brute force attack on invalid and valid accounts"
Brute-Force
Anonymous
2024-11-12 02:59:02
(2 months ago)
Brute-Force
nyuuzyou
2024-11-05 04:00:17
(2 months ago)
Intensive scraping: /web?s=cpa%20grip%20alternative&country=lu-lu&scraper=mojeek. User-Agent: Mozill ... show more Intensive scraping: /web?s=cpa%20grip%20alternative&country=lu-lu&scraper=mojeek. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68. show less
Bad Web Bot
TPI-Abuse
2024-10-27 16:13:50
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 104.167.27.178 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.167.27.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 27 12:13:43.918534 2024] [security2:error] [pid 16469:tid 16469] [client 104.167.27.178:45349] [client 104.167.27.178] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||laradioactivitat.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "laradioactivitat.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zx5mt2JTveCeMDdHvyHKqQAAAAU"], referer: https://laradioactivitat.com show less
Brute-Force
Bad Web Bot
Web App Attack