ger-stg-sifi1
2024-09-07 21:06:07
(1 month ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
mawan
2024-09-07 20:05:55
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-09-07 19:59:48
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.125.101.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 15:59:42.883679 2024] [security2:error] [pid 2614:tid 2614] [client 185.125.101.133:38236] [client 185.125.101.133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dvdmasters.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dvdmasters.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZtywrpYQburx4fDomODsfgAAAAI"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
neo72
2024-09-07 19:12:29
(1 month ago)
Spam
Email Spam
TPI-Abuse
2024-09-07 19:06:02
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.125.101.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 15:05:57.324572 2024] [security2:error] [pid 2319495:tid 2319566] [client 185.125.101.133:43624] [client 185.125.101.133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||orthopedica.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "orthopedica.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZtykFV7YrQnv6a1E7gNDhwAAAQA"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
Marc
2024-09-07 18:31:27
(1 month ago)
Brute-Force
Web App Attack
TPI-Abuse
2024-09-07 18:03:53
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.125.101.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 14:03:48.507494 2024] [security2:error] [pid 22704:tid 22704] [client 185.125.101.133:58102] [client 185.125.101.133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||heinzmail.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "heinzmail.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZtyVhFrY7rPaU0urUQwqhgAAAAA"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 17:44:28
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.125.101.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 13:44:24.485528 2024] [security2:error] [pid 16232:tid 16232] [client 185.125.101.133:43626] [client 185.125.101.133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||margroberts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "margroberts.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZtyQ-IgYtM5wL9vsFW-wyQAAAAI"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
taivas.nl
2024-09-07 17:32:12
(1 month ago)
Wordpress_xmlrpc_attack
Bad Web Bot
cmbplf
2024-09-07 17:24:12
(1 month ago)
724 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
TPI-Abuse
2024-09-07 17:19:02
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.125.101.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 13:18:58.080371 2024] [security2:error] [pid 25736:tid 25736] [client 185.125.101.133:56842] [client 185.125.101.133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||magacine.tv|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "magacine.tv"] [uri "/wp-json/wp/v2/users"] [unique_id "ZtyLAi4ayQHq3oLyTaAiygAAAAY"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 16:59:29
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.125.101.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 12:59:22.019587 2024] [security2:error] [pid 9942:tid 9942] [client 185.125.101.133:45098] [client 185.125.101.133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||clinegroup.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "clinegroup.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ZtyGaoyfUCJM-idzgWawZAAAAAs"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
qli.de
2024-09-07 16:58:13
(1 month ago)
185.125.101.133 - - [07/Sep/2024:18:58:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3581 "-" "Apache-HttpClient/4.5.13 (Java/11.0.24)"
185.125.101.133 - - [07/Sep/2024:18:58:13 +0200] "POST /wp-login.php HTTP/1.1" 200 7425 "https://qli.de/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
Hacking
INTEQ
2024-09-07 16:52:33
(1 month ago)
Web attack from 185.125.101.133
Web App Attack
Anonymous
2024-09-07 16:35:02
(1 month ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack