TPI-Abuse
2024-07-24 05:01:08
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 117.215.134.52 (static.bb.gtr.117.215.134.52.bsnl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 24 01:00:58.771689 2024] [security2:error] [pid 22750:tid 22843] [client 117.215.134.52:50219] [client 117.215.134.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hoffmanandassoc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hoffmanandassoc.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZqCKijSnBW2j5wL7yfAI4QAAAYM"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-07-11 02:34:36
(4 months ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-06-26 07:36:02
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 117.215.134.52 (static.ftth.gtr.117.215.134.52.bsnl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 26 03:35:58.306726 2024] [security2:error] [pid 18938] [client 117.215.134.52:51699] [client 117.215.134.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||salernospizza.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "salernospizza.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZnvE3nPBX8uIOrHNQisEwAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-06-20 06:32:00
(5 months ago)
117.215.134.52 - - [20/Jun/2024:09:31:58 +0300] "GET /wp-login.php HTTP/1.1" 404 2969 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
117.215.134.52 - - [20/Jun/2024:09:31:59 +0300] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
...
Web App Attack
Web App Attack
Anonymous
2024-06-06 04:38:20
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-06-01 07:15:06
(6 months ago)
(mod_security) mod_security (id:225170) triggered by 117.215.134.52 (static.ftth.gtr.117.215.134.52.bsnl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 01 03:14:58.181499 2024] [security2:error] [pid 1657:tid 47590729070336] [client 117.215.134.52:58289] [client 117.215.134.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.killasgarage.bike|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.killasgarage.bike"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZlrKcuts0vDCfhkWU8TRqgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
nationaleventpros.com
2024-05-27 03:26:49
(6 months ago)
WordPress login attempt
Brute-Force
Anonymous
2024-05-10 05:04:06
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Steve
2024-05-06 15:03:07
(6 months ago)
Attempts against non-existent wordpress site
Brute-Force
Web App Attack
Anonymous
2024-05-05 07:20:16
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
10dencehispahard SL
2024-04-29 10:00:46
(7 months ago)
Unauthorized login attempts [ wordpress-xmlrpc, wordpress]
Brute-Force
Web App Attack
Anonymous
2024-04-29 08:22:57
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-23 06:36:46
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-12 02:14:23
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 117.215.134.52 (static.ftth.gtr.117.215.134.52.bsnl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 11 22:14:17.809543 2024] [security2:error] [pid 21838] [client 117.215.134.52:55885] [client 117.215.134.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.newdirectionsinmusic.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZhiY-c59CQ2uNBstETHIoQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-03-26 08:20:37
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot