diego
2024-08-27 13:22:01
(2 weeks ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
Roderic
2024-08-27 12:31:39
(2 weeks ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 41.210.137.122 (UG/Ugand ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 41.210.137.122 (UG/Uganda/h97a.n1.ips.mtn.co.ug) show less
Port Scan
TPI-Abuse
2024-08-03 17:26:52
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 41.210.137.122 (h97a.n1.ips.mtn.co.ug): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 41.210.137.122 (h97a.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 13:26:45.670005 2024] [security2:error] [pid 14407:tid 14554] [client 41.210.137.122:62010] [client 41.210.137.122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.killasgarage.bike|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.killasgarage.bike"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zq5oVdIX3DokrFl4IYswswAAARE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Hirte
2024-07-18 16:22:32
(1 month ago)
HHV: Web Attack GET /wp-login.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-18 12:02:16
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 41.210.137.122 (h97a.n1.ips.mtn.co.ug): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 41.210.137.122 (h97a.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 18 08:02:11.594997 2024] [security2:error] [pid 14787:tid 14787] [client 41.210.137.122:53514] [client 41.210.137.122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pazzidipizza.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pazzidipizza.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZpkEQ56YZ9RKvJ6LEDW2-AAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-07-18 12:01:56
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-07-10 13:02:22
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Sklurk
2024-06-25 22:44:38
(2 months ago)
Web App Attack
Web App Attack
MAGIC
2024-05-29 19:03:01
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
URAN Publishing Service
2024-05-26 13:26:01
(3 months ago)
41.210.137.122 - - [26/May/2024:16:26:00 +0300] "GET /wp-login.php HTTP/1.1" 404 3200 "-" "Mozilla/5 ... show more 41.210.137.122 - - [26/May/2024:16:26:00 +0300] "GET /wp-login.php HTTP/1.1" 404 3200 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
41.210.137.122 - - [26/May/2024:16:26:01 +0300] "GET /xmlrpc.php HTTP/1.1" 404 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
... show less
Web App Attack
diego
2024-05-08 08:01:17
(4 months ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
MAGIC
2024-04-25 07:18:42
(4 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
CrystalMaker
2024-03-25 07:09:48
(5 months ago)
Wordpress attack - GET /wp-login.php; GET /xmlrpc.php; GET /wp-login.php; GET /xmlrpc.php
Web App Attack
TPI-Abuse
2024-03-24 00:12:59
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 41.210.137.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 41.210.137.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 23 20:12:45.179340 2024] [security2:error] [pid 29843] [client 41.210.137.122:62892] [client 41.210.137.122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grabagame.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grabagame.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zf9v_ad8x45BSaqyfc63lwAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-23 07:28:04
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH