maxxsense
2024-08-20 14:40:48
(3 weeks ago)
(wordpress-user-enum) Failed wordpress-user-enum trigger from 159.65.155.57 (IN/India/501314.cloudwaysapps.com)
Brute-Force
TPI-Abuse
2024-08-20 12:04:43
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 08:04:40.382334 2024] [security2:error] [pid 24418:tid 24418] [client 159.65.155.57:33384] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||braintechsoftwaresolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "braintechsoftwaresolutions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZsSGWIPEhVFzWZNgjeiP2gAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 11:20:01
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 07:19:53.946828 2024] [security2:error] [pid 23552:tid 23552] [client 159.65.155.57:51964] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rvlinks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rvlinks.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZsR72QhICfiw2BCzqkmaFgAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 09:45:55
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 05:45:51.950919 2024] [security2:error] [pid 11099:tid 11099] [client 159.65.155.57:16798] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cajunpicasso.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cajunpicasso.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZsRlzxZgCquw1APpS26rTgAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 09:26:20
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 05:26:16.852313 2024] [security2:error] [pid 18855:tid 18953] [client 159.65.155.57:48592] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||soundinstitute.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "soundinstitute.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ZsRhOIRAiBkwsur6Tz_NVwAAAFg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 08:27:10
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 04:27:05.772567 2024] [security2:error] [pid 6629:tid 6629] [client 159.65.155.57:38732] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.commongardens.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.commongardens.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZsRTWQqBoGfKNrji3lwikAAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 06:13:47
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 02:13:42.908250 2024] [security2:error] [pid 32095:tid 32095] [client 159.65.155.57:39542] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ergocorrect.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ergocorrect.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZsQ0FrpXvTTeTNWxcXDmFAAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-01 15:03:54
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 159.65.155.57 (501314.cloudwaysapps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 01 11:03:49.733391 2024] [security2:error] [pid 23624:tid 23624] [client 159.65.155.57:30224] [client 159.65.155.57] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||webuydinwiddiehouses.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "webuydinwiddiehouses.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zquj1U6CR87SkC73qgMQpQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-07-28 21:24:42
(1 month ago)
647 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
tecnicorioja
2024-07-18 22:00:24
(1 month ago)
POST /xmlrpc.php [18/Jul/2024:03:43:27
Brute-Force
Web App Attack
Anonymous
2024-07-14 01:42:43
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
ipoac.nl
2024-07-08 19:51:58
(2 months ago)
***:443 159.65.155.57 - - [08/Jul/2024:21:51:57 +0200] *** "POST /xmlrpc.php HTTP/1.1" 403 4742 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
Bad Web Bot
Anonymous
2024-07-06 05:52:07
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mawan
2024-07-02 04:32:01
(2 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2024-07-01 00:30:31
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH