TPI-Abuse
2024-11-28 22:23:56
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.202.79.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 28 17:23:51.872206 2024] [security2:error] [pid 4901:tid 4901] [client 45.202.79.230:51661] [client 45.202.79.230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||transportdelivery.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "transportdelivery.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0jtd2azcvShIXJ8msOX3QAAABI"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
www.unitiz.com
2024-11-28 07:42:59
(1 month ago)
Probing non-existent URLs
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-27 15:05:11
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.202.79.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 27 10:05:06.315754 2024] [security2:error] [pid 4087:tid 4087] [client 45.202.79.230:36529] [client 45.202.79.230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||denvercitymotorparts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "denvercitymotorparts.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0c1ImGyAn_-0oqdJ0HCuQAAAAQ"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-11-26 12:45:09
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack
MAGIC
2024-11-26 05:02:34
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-11-23 19:54:04
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.202.79.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 23 14:53:58.074996 2024] [security2:error] [pid 24402:tid 24406] [client 45.202.79.230:19543] [client 45.202.79.230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||heworeblack.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "heworeblack.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0Iy1qQKkVc1R6-wJD5PQwAAAAE"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-21 22:41:42
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.202.79.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 21 17:41:38.691003 2024] [security2:error] [pid 7252:tid 7252] [client 45.202.79.230:27477] [client 45.202.79.230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.infodrop.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.infodrop.info"] [uri "/sf9/wp-json/wp/v2/users"] [unique_id "Zz-3IivUYYWZ3F6Hps_JYAAAACQ"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-19 04:41:02
(1 month ago)
Bot / scanning and/or hacking attempts: GET /wp-login.php HTTP/1.1, GET /?author=1 HTTP/1.1, GET /admin HTTP/1.1, POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
TPI-Abuse
2024-11-17 04:45:11
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.202.79.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 23:45:04.461669 2024] [security2:error] [pid 10641:tid 10858] [client 45.202.79.230:24481] [client 45.202.79.230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gryphix.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gryphix.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zzl00MULoRcsiYq7PvhN2QAAABY"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
Jean Valjean
2024-11-16 21:12:09
(1 month ago)
Fail2ban Caboom : wp-login.php Bruteforce
Brute-Force
Web App Attack
Rawcous
2024-11-08 11:12:00
(2 months ago)
Web Server probe and code injection attempt:
45.202.79.230 - - [07/Nov/2024:19:23:23 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 404 196 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
45.202.79.230 - - [07/Nov/2024:19:23:24 +0000] "GET /?author=1 HTTP/1.1" 200 7081 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
45.202.79.230 - - [07/Nov/2024:19:23:35 +0000] "POST /xmlrpc.php HTTP/1.1" 405 221 "-" "Apache-HttpClient/4.5.13 (Java/11.0.24)"
Hacking
Web App Attack
nyuuzyou
2024-11-05 07:44:15
(2 months ago)
Intensive scraping: /web?s=sweepstakes%20offers&country=no-no&scraper=yandex. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51.
Bad Web Bot
TPI-Abuse
2024-10-29 20:26:59
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 45.202.79.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 29 16:26:54.626662 2024] [security2:error] [pid 25013:tid 25013] [client 45.202.79.230:18899] [client 45.202.79.230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||donnysimonton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "donnysimonton.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZyFFDl_P2HteMWUpHLO-QQAAABQ"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack