bescared
2024-05-12 22:19:00
(8 months ago)
Malicious activity detected: URL probing.
Hacking
Bad Web Bot
Web App Attack
Mendip_Defender
2024-05-12 22:16:46
(8 months ago)
103.109.244.109 - - [12/May/2024:23:16:45 +0100] "GET //wp-includes/ID3/license.txt HTTP/2.0" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.109.244.109 - - [12/May/2024:23:16:45 +0100] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.0" 404 1581 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Hacking
Web App Attack
Apache
2024-05-12 22:04:48
(8 months ago)
(mod_security) mod_security (id:210410) triggered by 103.109.244.109 (BE/Belgium/-): 5 in the last 300 secs
Brute-Force
Web App Attack
taivas.nl
2024-05-12 22:02:12
(8 months ago)
Bad_requests
Bad Web Bot
TPI-Abuse
2024-05-12 20:15:45
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 103.109.244.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 12 16:15:38.561588 2024] [security2:error] [pid 7654] [client 103.109.244.109:42210] [client 103.109.244.109] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.skintormint.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.skintormint.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZkEjaqg1lOG0c2-w2Y41yAAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-05-12 20:00:28
(8 months ago)
10 attempts against mh-misc-ban on snow
Web App Attack
Petros Stefanakis
2024-05-12 19:33:16
(8 months ago)
(wordpress) Failed wordpress login from 103.109.244.109 (BE/Belgium/-)
Brute-Force
TPI-Abuse
2024-05-12 19:27:39
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 103.109.244.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 12 15:27:32.024481 2024] [security2:error] [pid 625051] [client 103.109.244.109:50636] [client 103.109.244.109] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.brushmileage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.brushmileage.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZkEYJBqVdOt5R2LWDEzQ2AAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
David Gebler
2024-05-12 19:08:36
(8 months ago)
103.109.244.109 - - [12/May/2024:19:08:35 +0000] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 4425 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Brute-Force
Web App Attack
TPI-Abuse
2024-05-12 18:59:10
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 103.109.244.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 12 14:59:05.341171 2024] [security2:error] [pid 8631:tid 47569317140224] [client 103.109.244.109:58990] [client 103.109.244.109] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jpdesign.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jpdesign.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZkEReS7rUwubOTFuEdGlNwAAAQw"]
Brute-Force
Bad Web Bot
Web App Attack
COMAITE
2024-05-12 18:35:59
(8 months ago)
Multiple web server 400 error codes from same source ip 103.109.244.109.
Web App Attack
TPI-Abuse
2024-05-12 18:35:25
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 103.109.244.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 12 14:35:22.155992 2024] [security2:error] [pid 3423396:tid 47100996318976] [client 103.109.244.109:50774] [client 103.109.244.109] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||maroontribe.philacentric.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "maroontribe.philacentric.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZkEL6jL_bHW_eWEIu_gjIgAAAYo"]
Brute-Force
Bad Web Bot
Web App Attack
VHosting
2024-05-12 18:19:53
(8 months ago)
Attempt from 103.109.244.109, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-05-12 18:15:59
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 103.109.244.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 12 14:15:53.344449 2024] [security2:error] [pid 12063] [client 103.109.244.109:40108] [client 103.109.244.109] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.alaskadreamspublishing.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.alaskadreamspublishing.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZkEHWdVaaR6HQ2j14WSpnQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-05-12 18:01:00
(8 months ago)
Attack on wp-login.php.
Brute-Force
Web App Attack