el-brujo
2024-11-29 04:35:22
(1 week ago)
[Fri Nov 29 05:35:21.807393 2024] [proxy_fcgi:error] [pid 2298944:tid 2299034] [client 200.55.64.95: ... show more [Fri Nov 29 05:35:21.807393 2024] [proxy_fcgi:error] [pid 2298944:tid 2299034] [client 200.55.64.95:23908] AH01071: Got error 'Primary script unknown'
[Fri Nov 29 05:35:22.618547 2024] [proxy_fcgi:error] [pid 2018758:tid 2018859] [client 200.55.64.95:23916] AH01071: Got error 'Primary script unknown'
... show less
Hacking
Web App Attack
MAGIC
2024-11-18 23:02:16
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-11-14 06:38:39
(3 weeks ago)
Trawling for Open Source CMS user accounts
Hacking
Brute-Force
Anonymous
2024-11-05 12:36:59
(1 month ago)
wordpress-trap
Web App Attack
zynex
2024-11-05 01:37:21
(1 month ago)
URL Probing: /xmlrpc.php
Web App Attack
Anonymous
2024-10-29 16:43:59
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Roderic
2024-10-28 21:46:23
(1 month ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 200.55.64.95 (AR/Argenti ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 200.55.64.95 (AR/Argentina/200-55-64-95.dsl.prima.net.ar) show less
Port Scan
Anonymous
2024-09-16 02:23:35
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-10 23:45:37
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 200.55.64.95 (200-55-64-95.dsl.prima.net.ar): 1 ... show more (mod_security) mod_security (id:225170) triggered by 200.55.64.95 (200-55-64-95.dsl.prima.net.ar): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 19:45:31.450553 2024] [security2:error] [pid 4606:tid 4606] [client 200.55.64.95:59181] [client 200.55.64.95] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||exhaustthelimits.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "exhaustthelimits.org"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZuDaG792tpL2-ZTtNUQ7CwAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-31 00:33:08
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 200.55.64.95 (200-55-64-95.dsl.prima.net.ar): 1 ... show more (mod_security) mod_security (id:225170) triggered by 200.55.64.95 (200-55-64-95.dsl.prima.net.ar): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 30 20:33:03.019710 2024] [security2:error] [pid 6754:tid 6754] [client 200.55.64.95:23326] [client 200.55.64.95] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||campnecon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "campnecon.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZtJkv1udlf2eDsmGfLbh8QAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-06-25 15:11:53
(5 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-06-08 11:44:14
(5 months ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2024-06-08 05:03:20
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 200.55.64.95 (200-55-64-95.dsl.prima.net.ar): 1 ... show more (mod_security) mod_security (id:225170) triggered by 200.55.64.95 (200-55-64-95.dsl.prima.net.ar): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 08 01:03:15.223567 2024] [security2:error] [pid 11348] [client 200.55.64.95:29942] [client 200.55.64.95] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tradersworldmarket.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tradersworldmarket.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZmPmE-LTYaAaJW5ktlmtcQAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
theEngineer
2024-06-07 23:49:20
(6 months ago)
[00:49:18] 11: Scanning for Exploits - /wp-login.php
Hacking
Web App Attack
MAGIC
2024-06-07 01:04:46
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot