Savvii
2024-06-19 09:00:11
(2 months ago)
15 attempts against mh-modsecurity-ban on drop
Brute-Force
Brute-Force
Web App Attack
Web App Attack
TPI-Abuse
2024-06-18 06:45:45
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 52.230.152.171 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 52.230.152.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 18 02:45:37.693547 2024] [security2:error] [pid 4803] [client 52.230.152.171:27763] [client 52.230.152.171] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||barkerbehavior.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "barkerbehavior.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZnEtEYyeL6Jy1h9AuVx_swAAAA4"] show less
Brute-Force
Brute-Force
Bad Web Bot
Bad Web Bot
Web App Attack
Web App Attack
MAGIC
2024-06-18 04:12:06
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
DDoS Attack
Bad Web Bot
Bad Web Bot
Unwasted
2024-06-18 03:32:20
(2 months ago)
Abusive content scan (abuse_score:>80)
Hacking
Hacking
Brute-Force
Brute-Force
Web App Attack
Web App Attack
Savvii
2024-06-18 01:48:15
(2 months ago)
15 attempts against mh-modsecurity-ban on drop
Brute-Force
Brute-Force
Web App Attack
Web App Attack
Anonymous
2024-06-13 02:09:53
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
futuremakers.gr
2024-06-12 21:32:56
(3 months ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 52.230.152.171 (US/U ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 52.230.152.171 (US/United States/-) show less
Bad Web Bot
COMAITE
2024-06-12 14:26:18
(3 months ago)
Multiple web server 400 error codes from same source ip 52.230.152.171.
Web App Attack
10dencehispahard SL
2024-06-12 09:04:42
(3 months ago)
Unauthorized login attempts [ bot_accesslogs]
Brute-Force
niceshops.com
2024-06-12 07:44:49
(3 months ago)
Large amount of http-requests in short time ([12/Jun/2024:09:06:02.971] )
Bad Web Bot
TPI-Abuse
2024-06-12 05:44:22
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 52.230.152.171 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 52.230.152.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 12 01:44:14.764188 2024] [security2:error] [pid 1445617:tid 47626613880576] [client 52.230.152.171:40081] [client 52.230.152.171] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ade-summers-photography.com|F|2"] [data ".adetnw.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ade-summers-photography.com"] [uri "/Rupina La, Tsum, and Manaslu Trek/www.adetnw.com"] [unique_id "Zmk1rrzE5LCJ60XTbYOAAAAAAQg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-12 04:29:20
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 52.230.152.171 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 52.230.152.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 12 00:29:15.735761 2024] [security2:error] [pid 1312752:tid 46952853014272] [client 52.230.152.171:65117] [client 52.230.152.171] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gafm.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gafm.org"] [uri "/http/charteredfinancialmanager.com"] [unique_id "ZmkkG_OGpH2hhHBA_Uw8pgAAAM0"] show less
Brute-Force
Bad Web Bot
Web App Attack
Mendip_Defender
2024-06-12 03:59:31
(3 months ago)
52.230.152.171 - - [12/Jun/2024:04:59:42 +0100] "GET /robots.txt HTTP/1.0" 404 1047 "-" "Mozilla/5.0 ... show more 52.230.152.171 - - [12/Jun/2024:04:59:42 +0100] "GET /robots.txt HTTP/1.0" 404 1047 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.0; +https://openai.com/gptbot)"
... show less
Bad Web Bot
Unwasted
2024-06-12 03:26:20
(3 months ago)
Abusive content scan (abuse_score:>80)
Hacking
Brute-Force
Web App Attack
Savvii
2024-06-12 02:17:36
(3 months ago)
15 attempts against mh-modsecurity-ban on drop
Brute-Force
Web App Attack