myagent.site
2024-03-06 08:54:46
(10 months ago)
Blocking for trying to access an exploit file: /xmlrpc.php
Hacking
TPI-Abuse
2024-03-05 22:17:10
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 17:17:02.968431 2024] [security2:error] [pid 15920] [client 120.76.193.63:50492] [client 120.76.193.63] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||michelehoop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "michelehoop.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeeZ3vFXy40dvEFnn29J8AAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-05 16:47:34
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 11:47:27.708899 2024] [security2:error] [pid 7661] [client 120.76.193.63:53424] [client 120.76.193.63] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.ruthbalser.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.ruthbalser.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZedMn1t5tFu0AEhyL7qQbgAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-05 13:55:29
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 05 08:55:22.227016 2024] [security2:error] [pid 27435] [client 120.76.193.63:56230] [client 120.76.193.63] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||thegoodcia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thegoodcia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeckSnlL10GbZvJvDmt-SgAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-04 07:23:40
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 120.76.193.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 04 02:23:37.626874 2024] [security2:error] [pid 31564] [client 120.76.193.63:56346] [client 120.76.193.63] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.wpcoc.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.wpcoc.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZeV2-SJjyoxR3oomJE5O7gAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-03 16:56:06
(10 months ago)
(wordpress-user-enum) Failed wordpress-user-enum trigger from 120.76.193.63 (CN/China/-)
Brute-Force
stinpriza
2024-03-03 06:19:04
(10 months ago)
WP Authentication attempt for unknown user
Brute-Force
Web App Attack
wnbhosting.dk
2024-02-27 19:58:00
(10 months ago)
WP xmlrpc [2024-02-27T20:58:00+01:00]
Hacking
Web App Attack
ger-stg-sifi1
2024-02-27 16:34:01
(10 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
wnbhosting.dk
2024-02-27 12:20:39
(10 months ago)
WP xmlrpc [2024-02-27T13:20:39+01:00]
Hacking
Web App Attack
Jim Keir
2024-02-27 02:34:52
(10 months ago)
2024-02-27 02:34:52 120.76.193.63 File scanning, blocking 120.76.193.63 for 5 minutes
Web App Attack
Jim Keir
2024-02-27 01:00:58
(10 months ago)
2024-02-27 01:00:57 120.76.193.63 File scanning, blocking 120.76.193.63 for 5 minutes
Web App Attack
wnbhosting.dk
2024-02-26 22:51:20
(10 months ago)
WP xmlrpc [2024-02-26T23:51:20+01:00]
Hacking
Web App Attack
Jim Keir
2024-02-25 19:28:54
(10 months ago)
2024-02-25 19:28:53 120.76.193.63 File scanning, blocking 120.76.193.63 for 5 minutes
Web App Attack
Cloudkul Cloudkul
2024-02-25 02:10:04
(10 months ago)
This IP address is being reported for abusive behavior.
Brute-Force