TPI-Abuse
2024-12-12 23:38:22
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 18:38:18.829075 2024] [security2:error] [pid 947977:tid 947977] [client 18.218.196.14:53279] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||justiart.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "justiart.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1tz6gxSm0EgpHfqN6i83gAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-12 18:56:56
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 13:56:49.162241 2024] [security2:error] [pid 26003:tid 26003] [client 18.218.196.14:62893] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.riedmannfamily.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.riedmannfamily.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1sx8UP3WupfbG5h4HKpZgAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-12 13:29:56
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 08:29:51.987437 2024] [security2:error] [pid 16332:tid 16332] [client 18.218.196.14:63997] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.donnrowe.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.donnrowe.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1rlT1aQwhe1c2FxwvpV1wAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-12 12:00:32
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 07:00:26.037333 2024] [security2:error] [pid 12552:tid 12552] [client 18.218.196.14:56132] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.holistichealth4u2.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.holistichealth4u2.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1rQWjCd8XtBgDh8yGhY4gAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-12 11:42:24
(1 month ago)
(wordpress) Failed wordpress login from 18.218.196.14 (US/United States/ec2-18-218-196-14.us-east-2.compute.amazonaws.com)
Brute-Force
TPI-Abuse
2024-12-12 03:58:24
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 22:58:17.036335 2024] [security2:error] [pid 28767:tid 28767] [client 18.218.196.14:61596] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ftiptondds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ftiptondds.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1pfWSZLm_fKk1ZhwOvrAQAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-11 22:55:47
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 17:55:41.131776 2024] [security2:error] [pid 2061682:tid 2061682] [client 18.218.196.14:49426] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.northfortworthalliance.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.northfortworthalliance.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1oYba-bfkzEIDGRhJN-YwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-12-11 21:22:05
(1 month ago)
4.392 POST requests to */wp-login.php
Brute-Force
Bad Web Bot
TPI-Abuse
2024-12-11 20:25:52
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 15:25:48.849434 2024] [security2:error] [pid 12936:tid 12944] [client 18.218.196.14:55821] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||victorchiarizia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "victorchiarizia.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1n1TDTguBJVfV5G4Qq-jQAAAMU"]
Brute-Force
Bad Web Bot
Web App Attack
GabrielJST
2024-12-11 20:13:13
(1 month ago)
(wordpress) Failed wordpress login from 18.218.196.14 (US/United States/ec2-18-218-196-14.us-east-2.compute.amazonaws.com)
Brute-Force
TPI-Abuse
2024-12-11 19:50:27
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 14:50:21.836576 2024] [security2:error] [pid 10978:tid 10978] [client 18.218.196.14:49882] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.tgdingenieria.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tgdingenieria.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1ns_XUiN3RRiuLSZREu_wAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-11 19:22:02
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 18.218.196.14 (ec2-18-218-196-14.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 14:21:56.524424 2024] [security2:error] [pid 11821:tid 11821] [client 18.218.196.14:52570] [client 18.218.196.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||annropp.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "annropp.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1nmVMAWMRljtUGZ6BtqywAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-12-11 19:09:46
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-12-11 18:30:05
(1 month ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
VHosting
2024-12-11 18:24:22
(1 month ago)
Attempt from 18.218.196.14, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot