Anonymous
2024-11-08 01:17:52
(3 hours ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-11-07 10:06:08
(18 hours ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-11-06 00:08:22
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 101.201.66.35 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 101.201.66.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 19:08:17.911107 2024] [security2:error] [pid 5731:tid 5731] [client 101.201.66.35:54536] [client 101.201.66.35] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||brbvip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "brbvip.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZyqzcbeAQfWhuMQcsd_LEgAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 18:33:39
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 101.201.66.35 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 101.201.66.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 13:33:33.004363 2024] [security2:error] [pid 2460:tid 2460] [client 101.201.66.35:49878] [client 101.201.66.35] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||caquintet.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "caquintet.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zypk_J_qEUE7f6On22LTZQAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
ipoac.nl
2024-11-03 04:53:40
(4 days ago)
***:443 101.201.66.35 - - [03/Nov/2024:05:53:39 +0100] *** "POST /xmlrpc.php HTTP/1.1" 403 3749 "-" ... show more ***:443 101.201.66.35 - - [03/Nov/2024:05:53:39 +0100] *** "POST /xmlrpc.php HTTP/1.1" 403 3749 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" show less
Bad Web Bot
nationaleventpros.com
2024-11-02 18:12:07
(5 days ago)
WordPress login attempt
Brute-Force
wnbhosting.dk
2024-10-30 14:37:27
(1 week ago)
WP xmlrpc [2024-10-30T15:37:27+01:00]
Hacking
Web App Attack
selahattinalan
2024-10-25 22:39:23
(1 week ago)
101.201.66.35 - - [26/Oct/2024:01:39:23 +0300] "POST /xmlrpc.php HTTP/1.1" 500 4042 "-" "Mozilla/5.0 ... show more 101.201.66.35 - - [26/Oct/2024:01:39:23 +0300] "POST /xmlrpc.php HTTP/1.1" 500 4042 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" show less
Brute-Force
wnbhosting.dk
2024-10-23 07:09:40
(2 weeks ago)
WP xmlrpc [2024-10-23T09:09:40+02:00]
Hacking
Web App Attack
wnbhosting.dk
2024-10-21 23:22:06
(2 weeks ago)
WP xmlrpc [2024-10-22T01:22:06+02:00]
Hacking
Web App Attack
wnbhosting.dk
2024-10-19 10:04:49
(2 weeks ago)
WP xmlrpc [2024-10-19T12:04:49+02:00]
Hacking
Web App Attack
Anonymous
2024-10-18 11:12:52
(2 weeks ago)
XMLRPC Hack Attempts
Hacking
Brute-Force
MAGIC
2024-10-18 08:05:56
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-10-17 00:20:48
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-14 22:30:21
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 101.201.66.35 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 101.201.66.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 18:30:13.746304 2024] [security2:error] [pid 6527:tid 6527] [client 101.201.66.35:49808] [client 101.201.66.35] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||farsipraiseclub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "farsipraiseclub.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zw2bdW5pYpFLTBPgynycYQAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack