TPI-Abuse
2024-11-13 03:32:15
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 22:32:01.552347 2024] [security2:error] [pid 15646:tid 15646] [client 180.251.229.182:52984] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gepteszt.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gepteszt.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzQdsUUg-gL4_iCHMuyjDwAAACI"]
Brute-Force
Bad Web Bot
Web App Attack
4server
2024-11-13 03:08:36
(2 months ago)
[WedNov1304:08:23.3489012024][security2:error][pid928309:tid928366][client180.251.229.182:0][client180.251.229.182]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"xmlrpc\\\\\\\\.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/03_asl_dos.conf\"][line\"65\"][id\"392331\"][rev\"3\"][msg\"Atomicorp.comWAFRules:xmlrpcDOSattack\"][severity\"CRITICAL\"][hostname\"mgevents.ch\"][uri\"/xmlrpc.php\"][unique_id\"ZzQYJ6Er6D6NQ-PlZAFn9wAAANI\"][WedNov1304:08:24.5226652024][security2:error][pid928375:tid928451][client180.251.229.182:0][client180.251.229.182]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"xmlrpc\\\\\\\\.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/03_asl_dos.conf\"][line\"65\"][id\"392331\"][rev\"3\"][msg\"Atomicorp.comWAFRules:xmlrpcDOSattack\"][severity\"CRITICAL\"][hostname\"mgevents.ch\"][uri\"/xmlrpc.php\"][unique_id\"ZzQYKCv9d1wUkZ7OYWUKzwAAABg\"][WedNov1304:08:25.6043342024][security2:error][pid928382:tid928475][client180.251.229.182:0][client180.251.2
Port Scan
Brute-Force
Web App Attack
TPI-Abuse
2024-11-13 02:49:29
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 21:49:14.987166 2024] [security2:error] [pid 23671:tid 23671] [client 180.251.229.182:50938] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||expertprofessionalcleaners.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "expertprofessionalcleaners.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzQTqszVWqkAkRpMzZmjdQAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
vaia.cloud
2024-11-13 02:04:02
(2 months ago)
trying wp-login.php/xmlrpc.php 36 times in 1 minutes
Brute-Force
Web App Attack
TPI-Abuse
2024-11-13 01:28:43
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 20:28:26.617482 2024] [security2:error] [pid 18349:tid 18349] [client 180.251.229.182:62787] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mibfans.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mibfans.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzQAuloonQyDv7wi-DGptgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-13 01:07:32
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 20:07:16.195355 2024] [security2:error] [pid 17619:tid 17619] [client 180.251.229.182:65186] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||briannalls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "briannalls.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzP7xFGYioZAoUKWViFpTwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
zynex
2024-11-13 01:05:22
(2 months ago)
URL Probing: /xmlrpc.php
Web App Attack
Anonymous
2024-11-13 00:02:52
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-12 23:46:55
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 18:46:40.583539 2024] [security2:error] [pid 13783:tid 13783] [client 180.251.229.182:65158] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bhhg.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bhhg.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzPo4NOA-ppuQJhaXJPF9AAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
wnbhosting.dk
2024-11-12 22:32:12
(2 months ago)
WP xmlrpc [2024-11-12T23:32:12+01:00]
Hacking
Web App Attack
TPI-Abuse
2024-11-12 22:14:08
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 17:13:51.940793 2024] [security2:error] [pid 1187353:tid 1187353] [client 180.251.229.182:49867] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||citizensforsanity.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "citizensforsanity.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzPTH2AZf6mXmxh89kv1cwAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 21:57:53
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 16:57:36.521666 2024] [security2:error] [pid 31149:tid 31149] [client 180.251.229.182:63826] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bouldercorporate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bouldercorporate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzPPUBJuImLu6AiZ57TfOAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 21:42:41
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 16:42:26.338910 2024] [security2:error] [pid 12552:tid 12552] [client 180.251.229.182:62774] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rockinr.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rockinr.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzPLwhx0FU7EMByHymB3mQAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 21:18:42
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 180.251.229.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 16:18:29.516181 2024] [security2:error] [pid 22340:tid 22340] [client 180.251.229.182:60962] [client 180.251.229.182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||swingboutique.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "swingboutique.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzPGJdq6zT8SaLq9zeUkmQAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-11-12 21:05:23
(2 months ago)
Xmlrpc Caught (16)
Too many Status 40X (15)
Brute-Force
Web App Attack