wnbhosting.dk
2024-10-24 03:10:13
(1 month ago)
WP xmlrpc [2024-10-24T05:10:13+02:00]
Hacking
Web App Attack
wnbhosting.dk
2024-10-23 04:48:30
(1 month ago)
WP xmlrpc [2024-10-23T06:48:30+02:00]
Hacking
Web App Attack
Swiptly
2024-10-20 03:21:30
(1 month ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
mnsf
2024-10-18 22:01:18
(1 month ago)
Xmlrpc Caught (7)
Brute-Force
Web App Attack
georgengelmann
2024-10-17 16:38:45
(1 month ago)
Failed login attempt for pedro
Brute-Force
Web App Attack
Anonymous
2024-10-17 13:07:33
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-10-16 12:43:43
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-15 15:02:46
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 11:02:38.423288 2024] [security2:error] [pid 20941:tid 20941] [client 109.123.246.87:39178] [client 109.123.246.87] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||statbotics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "statbotics.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zw6EDv7Q0rVSfzObRMSemAAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 01:55:03
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 21:54:55.714328 2024] [security2:error] [pid 27614:tid 27614] [client 109.123.246.87:59794] [client 109.123.246.87] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.hdsniderphoto.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.hdsniderphoto.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zw3Lb7fyoAMnNCI0lLTbjAAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 00:47:35
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 20:47:31.299232 2024] [security2:error] [pid 31216:tid 31216] [client 109.123.246.87:57150] [client 109.123.246.87] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.travelwithsarahellen.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.travelwithsarahellen.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zw27o6wwnmRmhKmcBlqfMgAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-14 21:04:46
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 17:04:41.144991 2024] [security2:error] [pid 17872:tid 17872] [client 109.123.246.87:53672] [client 109.123.246.87] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ironsightsarmory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ironsightsarmory.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zw2HacCPVpse5gBUeyU_0wAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-14 18:15:51
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 109.123.246.87 (vmi1069956.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 14:15:43.458266 2024] [security2:error] [pid 2268:tid 2268] [client 109.123.246.87:53850] [client 109.123.246.87] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.onlinesuretybonds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.onlinesuretybonds.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zw1fz9I-OwWKtjqAz19olwAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
Malta
2024-10-14 05:18:19
(1 month ago)
109.123.246.87 - - [14/Oct/2024:07:18:19 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 109.123.246.87 - - [14/Oct/2024:07:18:19 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"
Brute-force password attempt show less
Hacking
Brute-Force
Web App Attack
Ba-Yu
2024-10-13 12:24:51
(1 month ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
Anonymous
2024-10-13 11:56:22
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH