PKThai
2024-11-08 06:20:28
(2 months ago)
Repeated web service exploit attempts - Repeat offender 167.172.72.97 banned at least 2 times in the last 7 days
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-08 06:07:10
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 167.172.72.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 08 01:07:05.621386 2024] [security2:error] [pid 22129:tid 22129] [client 167.172.72.97:51511] [client 167.172.72.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||limadeltadx.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "limadeltadx.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zy2qiS-UE0gj0y3O8mDrJwAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-08 05:26:46
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 167.172.72.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 08 00:26:42.984065 2024] [security2:error] [pid 6399:tid 6399] [client 167.172.72.97:64322] [client 167.172.72.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nypatriotcards.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nypatriotcards.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zy2hEi8JZn6iG9ico0hFlwAAACo"]
Brute-Force
Bad Web Bot
Web App Attack
findlab
2024-11-08 05:20:01
(2 months ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
Anonymous
2024-11-08 04:47:02
(2 months ago)
Bot / scanning and/or hacking attempts: GET //?author=2 HTTP/1.1, GET //xmlrpc.php?rsd HTTP/1.1, POST //xmlrpc.php HTTP/1.1
Hacking
Web App Attack
cmbplf
2024-11-08 04:19:14
(2 months ago)
12.890 requests to */xmlrpc.php
394 requests to */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot
Anonymous
2024-11-08 04:03:43
(2 months ago)
$f2bV_matches
Brute-Force
Web App Attack
mnsf
2024-11-08 04:03:19
(2 months ago)
Xmlrpc Caught (10)
Too many Status 40X (15)
Brute-Force
Web App Attack
TPI-Abuse
2024-11-08 03:34:51
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 167.172.72.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 22:34:46.568837 2024] [security2:error] [pid 7559:tid 7559] [client 167.172.72.97:65345] [client 167.172.72.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gfsprod.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gfsprod.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zy2G1iYOkusmhY93UFWbmwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-08 03:16:16
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
evilazrael.de
2022-04-16 03:05:25
(2 years ago)
Sent mail to target address hacked/leaked from Amplitude Studios in 2018
Email Spam
jasperedv.de
2022-04-12 22:39:38
(2 years ago)
SMTP blocked - SPAM
Email Spam
Brute-Force
jasperedv.de
2022-04-09 08:52:02
(2 years ago)
SMTP blocked - DNS Blacklisted
Email Spam
Brute-Force
evilazrael.de
2022-04-08 17:00:21
(2 years ago)
Sent Mail to target address hacked/leaked from Planet3DNow.de
Email Spam
jasperedv.de
2022-04-02 21:42:43
(2 years ago)
SMTP blocked - DNS Blacklisted
Email Spam
Brute-Force