bittiguru.fi
2024-12-04 10:57:33
(3 days ago)
156.249.137.156 - [04/Dec/2024:12:57:26 +0200] "POST /xmlrpc.php HTTP/1.1" 404 10878 "-" "Apache-Htt ... show more 156.249.137.156 - [04/Dec/2024:12:57:26 +0200] "POST /xmlrpc.php HTTP/1.1" 404 10878 "-" "Apache-HttpClient/4.5.13 (Java/11.0.24)" "4.99"
156.249.137.156 - [04/Dec/2024:12:57:32 +0200] "POST /xmlrpc.php HTTP/1.1" 404 10878 "-" "Apache-HttpClient/4.5.13 (Java/11.0.24)" "4.99"
... show less
Hacking
Brute-Force
Web App Attack
Anonymous
2024-12-03 08:29:14
(5 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-02 16:31:27
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 11:31:21.093230 2024] [security2:error] [pid 4987:tid 5001] [client 156.249.137.156:33033] [client 156.249.137.156] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||vavryn.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vavryn.net"] [uri "/wp-json/wp/v2/users"] [unique_id "Z03g2fyrodpm4ZUY5WaQYAAAAQw"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-28 03:44:58
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 27 22:44:54.721463 2024] [security2:error] [pid 5693:tid 5693] [client 156.249.137.156:47503] [client 156.249.137.156] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||banis-associates.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "banis-associates.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0fnNlzUH_ELZoVCJ95fiQAAABM"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-26 04:28:45
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 23:28:39.541888 2024] [security2:error] [pid 24405:tid 24405] [client 156.249.137.156:50867] [client 156.249.137.156] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||alamuru.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "alamuru.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0VOdzGjtCGkooEs_piVwwAAAAA"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-18 03:44:41
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 17 22:44:33.784753 2024] [security2:error] [pid 19120:tid 19120] [client 156.249.137.156:24071] [client 156.249.137.156] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grdigitaldesigns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grdigitaldesigns.com"] [uri "/QBAsys/wp-json/wp/v2/users"] [unique_id "Zzq4IXaiAJgunJiEtvSUeAAAABA"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
SilverZippo
2024-11-13 11:02:02
(3 weeks ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-11-13 05:38:59
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 156.249.137.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 00:38:53.355627 2024] [security2:error] [pid 3416:tid 3416] [client 156.249.137.156:42513] [client 156.249.137.156] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||herrell.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "herrell.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzQ7becO_IfWSeZSKMNF6AAAAAA"], referer: https://www.google.com show less
Brute-Force
Bad Web Bot
Web App Attack
bittiguru.fi
2024-11-09 20:56:01
(4 weeks ago)
156.249.137.156 - [09/Nov/2024:22:55:54 +0200] "POST /xmlrpc.php HTTP/1.1" 404 10878 "-" "Apache-Htt ... show more 156.249.137.156 - [09/Nov/2024:22:55:54 +0200] "POST /xmlrpc.php HTTP/1.1" 404 10878 "-" "Apache-HttpClient/4.5.13 (Java/11.0.24)" "4.99"
156.249.137.156 - [09/Nov/2024:22:56:00 +0200] "POST /xmlrpc.php HTTP/1.1" 404 10878 "-" "Apache-HttpClient/4.5.13 (Java/11.0.24)" "4.99"
... show less
Hacking
Brute-Force
Web App Attack