TPI-Abuse
2024-11-28 10:16:36
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 104.207.56.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 28 05:16:29.866618 2024] [security2:error] [pid 3751:tid 3754] [client 104.207.56.158:50415] [client 104.207.56.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||robertbellamy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "robertbellamy.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0hC_ap5Qye5GbRe8wHhygAAAUE"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-25 19:04:51
(1 week ago)
XMLRPC Hack Attempts
Hacking
Brute-Force
TPI-Abuse
2024-11-23 00:16:14
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 104.207.56.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 22 19:16:11.165107 2024] [security2:error] [pid 11702:tid 11702] [client 104.207.56.158:26531] [client 104.207.56.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||auguststoten.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "auguststoten.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0Eey2et02SpuQFQS8WM1AAAAAQ"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-17 00:21:59
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 104.207.56.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 19:21:51.033227 2024] [security2:error] [pid 6943:tid 6943] [client 104.207.56.158:42103] [client 104.207.56.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||persnicketyinc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "persnicketyinc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zzk3H2nqFGNXAHjqX1e4DAAAAAg"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 00:19:11
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 104.207.56.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 19:19:06.782196 2024] [security2:error] [pid 4819:tid 4819] [client 104.207.56.158:11321] [client 104.207.56.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||itre.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "itre.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzKe-jLPLgrVEBx69dX0YwAAAAI"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
nyuuzyou
2024-10-07 18:09:14
(2 months ago)
Intensive scraping: /web?s=%22Please%20register%20or%20login%20to%20post%20comments%22&country=cs-cs&scraper=yep. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15.
Bad Web Bot
wil.com
2024-07-18 11:10:03
(4 months ago)
GlobalProtect login attempts with user elaine.
VPN IP
Brute-Force
lp
2024-07-13 06:44:10
(4 months ago)
SSH Brute force: 1 attempts were recorded from 104.207.56.158
2024-07-12T18:38:37+02:00 Invalid user xkrim35 from 104.207.56.158 port 53045
Brute-Force
SSH
Anonymous
2024-06-21 02:50:46
(5 months ago)
VPN Authentication Brute Force
Brute-Force
Brute-Force
MrDD
2024-06-11 16:02:25
(5 months ago)
"Attempted brute force attack on Cisco VPN"
Brute-Force
Anonymous
2024-06-03 23:17:01
(6 months ago)
Brute-Force