Gateway_NOC
2024-08-07 15:45:55
(2 months ago)
postfix brute force sasl attack
Brute-Force
Anonymous
2024-07-26 04:35:38
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-22 00:32:33
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-17 09:08:00
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-12 07:24:57
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-12 01:28:03
(2 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
TPI-Abuse
2024-07-09 07:34:50
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 104.28.156.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 09 03:34:44.785844 2024] [security2:error] [pid 13195] [client 104.28.156.150:35784] [client 104.28.156.150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||casapapayasanmiguel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "casapapayasanmiguel.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZozoFNNpkCPrci2ZzZ5YegAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-09 05:52:28
(3 months ago)
Ports: 20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,3306,2195; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-09 03:04:00
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-07-09 00:11:58
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 104.28.156.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 20:11:51.800875 2024] [security2:error] [pid 21724] [client 104.28.156.150:36389] [client 104.28.156.150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.156.150 (+1 hits since last alert)|roguetechhub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechhub.com"] [uri "/xmlrpc.php"] [unique_id "ZoyAR0XotGmIGLdRVSzYuQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-08 18:15:00
(3 months ago)
Attack on wp-login.php.
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-07-08 17:29:14
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 104.28.156.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 13:29:11.024975 2024] [security2:error] [pid 7387] [client 104.28.156.150:36303] [client 104.28.156.150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||magacine.tv|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "magacine.tv"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zowh51tD4qVCcNnu9sRAtgAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-08 13:58:42
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 104.28.156.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 09:58:35.530778 2024] [security2:error] [pid 15994] [client 104.28.156.150:37135] [client 104.28.156.150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mirai-labo.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mirai-labo.com"] [uri "/develop/wp-json/wp/v2/users/"] [unique_id "Zovwiz9sFlvcT0kS3dnieAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
nv
2024-07-08 12:57:04
(3 months ago)
104.28.156.150 - - [08/Jul/2024:14:57:03 +0200] "GET /wp-includes/id3/license.txt/2020/wp-includes/wlwmanifest.xml HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
TPI-Abuse
2024-07-08 09:28:44
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 104.28.156.150 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 05:28:41.217180 2024] [security2:error] [pid 23745] [client 104.28.156.150:35184] [client 104.28.156.150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.caralis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.caralis.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZouxSUgf5S4fAyrLGBMb6wAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack