Anonymous
2024-01-23 23:39:35
(9 months ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /wp-login.php HTTP/1.1, POST ... show more Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /wp-login.php HTTP/1.1, POST /wp-login.php HTTP/1.1 show less
Hacking
Web App Attack
TPI-Abuse
2024-01-10 12:51:24
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 181.171.11.195 (195-11-171-181.fibertel.com.ar) ... show more (mod_security) mod_security (id:225170) triggered by 181.171.11.195 (195-11-171-181.fibertel.com.ar): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 10 07:51:19.830017 2024] [security2:error] [pid 22911] [client 181.171.11.195:59295] [client 181.171.11.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||persnicketyinc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "persnicketyinc.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZZ6Sx2kT2yXnq4hsIh-8zwAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-01-02 14:08:27
(10 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
WebWizards.NZ
2024-01-01 10:00:01
(10 months ago)
Trolling for resource vulnerabilities
Web App Attack
Hirte
2023-12-23 12:46:04
(10 months ago)
C1: Web Attack GET /wp-login.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-20 07:02:10
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 181.171.11.195 (195-11-171-181.fibertel.com.ar) ... show more (mod_security) mod_security (id:225170) triggered by 181.171.11.195 (195-11-171-181.fibertel.com.ar): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 20 02:02:02.651019 2023] [security2:error] [pid 3847] [client 181.171.11.195:50759] [client 181.171.11.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nwtree.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nwtree.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZYKRaiK2f6xV_5XyYN_SUAAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2023-12-20 02:03:44
(10 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2023-12-13 22:49:12
(11 months ago)
Trawling for Open Source CMS installs
Hacking
Brute-Force
MAGIC
2023-12-09 19:06:34
(11 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
ManagedStack
2023-12-07 20:29:18
(11 months ago)
Wordpress Attack
Web App Attack
octageeks.com
2023-11-30 05:39:06
(11 months ago)
Wordpress malicious attack:[octaflood]
Web App Attack
octageeks.com
2023-11-30 05:39:05
(11 months ago)
Wordpress malicious attack:[octa404]
Web App Attack
MAGIC
2023-11-28 13:04:26
(11 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2023-11-25 19:25:18
(11 months ago)
(mod_security) mod_security (id:225170) triggered by 181.171.11.195 (195-11-171-181.fibertel.com.ar) ... show more (mod_security) mod_security (id:225170) triggered by 181.171.11.195 (195-11-171-181.fibertel.com.ar): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 25 14:25:11.826341 2023] [security2:error] [pid 18703:tid 47589292205824] [client 181.171.11.195:65112] [client 181.171.11.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.visaliacem.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.visaliacem.org"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZWJKF8H79YoWiReQkqKqTQAAARE"] show less
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2023-11-13 13:27:11
(1 year ago)
181.171.11.195 - - [13/Nov/2023:15:27:09 +0200] "GET /wp-login.php HTTP/1.1" 404 4776 "-" "Mozilla/5 ... show more 181.171.11.195 - - [13/Nov/2023:15:27:09 +0200] "GET /wp-login.php HTTP/1.1" 404 4776 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
181.171.11.195 - - [13/Nov/2023:15:27:11 +0200] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
... show less
Web App Attack