๐ฆ๐บ
MAGIC
2024-03-07 02:19:41
(2 years ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2024-03-06 04:14:11
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 23:14:06.425194 2024] [security2:error] [pid 21402] [client 109.123.239.189:47584] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.dupagekanewildliferemoval.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.dupagekanewildliferemoval.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeftjsW9jnohjOY_2KHwzQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-03-06 00:01:49
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 19:01:41.482340 2024] [security2:error] [pid 28102:tid 47066757768960] [client 109.123.239.189:42454] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sevenislandsvilla.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sevenislandsvilla.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeeyZbxyOOb_ZrXiaLugcQAAAI8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-03-05 22:14:04
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 17:13:57.792604 2024] [security2:error] [pid 20832] [client 109.123.239.189:47180] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tedharris.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tedharris.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeeZJb0pzA39EXXJCf3W9wAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-03-05 17:04:37
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 12:04:31.782916 2024] [security2:error] [pid 11865] [client 109.123.239.189:54208] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.mixmediallc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.mixmediallc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZedQn-uYXVAHlQ3Y5p2HAQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-03-05 15:39:26
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 10:39:21.942073 2024] [security2:error] [pid 6922] [client 109.123.239.189:53424] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||webersource.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "webersource.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zec8qZR2S5Jhj9SoIOv6WAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-03-04 09:49:29
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 04 04:49:25.466293 2024] [security2:error] [pid 11929] [client 109.123.239.189:35364] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.starcrestsales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.starcrestsales.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeWZJaqh6H_ApNRHnPoLiAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-03-04 06:51:35
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): ...
show more
(mod_security) mod_security (id:225170) triggered by 109.123.239.189 (vmi1394782.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 04 01:51:28.671357 2024] [security2:error] [pid 24425] [client 109.123.239.189:59418] [client 109.123.239.189] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.walc.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.walc.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeVvcIbu6DO0x9fC0vN97AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
rh24
2024-03-03 07:09:09
(2 years ago)
(wordpress-user-enum) Failed wordpress-user-enum trigger from 109.123.239.189 (SG/Singapore/vmi13947 ...
show more
(wordpress-user-enum) Failed wordpress-user-enum trigger from 109.123.239.189 (SG/Singapore/vmi1394782.contaboserver.net): (CF_ENABLE)
show less
Brute-Force
Anonymous
2024-02-28 17:50:15
(2 years ago)
Attack on xmlrpc.php.
Hacking
Brute-Force
Web App Attack
Anonymous
2024-02-28 10:51:59
(2 years ago)
109.123.239.189 - - [28/Feb/2024:11:51:54 +0100] "POST /xmlrpc.php HTTP/1.0" 404 21386 "-" "Mozilla/ ...
show more
109.123.239.189 - - [28/Feb/2024:11:51:54 +0100] "POST /xmlrpc.php HTTP/1.0" 404 21386 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36"
109.123.239.189 - - [28/Feb/2024:11:51:57 +0100] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 21386 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36"
109.123.239.189 - - [28/Feb/2024:11:51:58 +0100] "POST /wp/xmlrpc.php HTTP/1.0" 404 21386 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ฐ
wnbhosting.dk
2024-02-26 10:10:47
(2 years ago)
WP xmlrpc [2024-02-26T11:10:47+01:00]
Hacking
Web App Attack
๐ฉ๐ฐ
wnbhosting.dk
2024-02-25 17:31:04
(2 years ago)
WP xmlrpc [2024-02-25T18:31:04+01:00]
Hacking
Web App Attack
๐ฎ๐ช
Jim Keir
2024-02-24 12:01:47
(2 years ago)
2024-02-24 12:01:47 109.123.239.189 File scanning, blocking 109.123.239.189 for 5 minutes
Web App Attack
๐ฉ๐ฐ
wnbhosting.dk
2024-02-24 10:33:35
(2 years ago)
WP xmlrpc [2024-02-24T11:33:35+01:00]
Hacking
Web App Attack