MAGIC
2023-12-21 07:10:13
(9 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Jim Keir
2023-12-06 08:34:37
(9 months ago)
2023-12-06 08:34:37 185.81.97.78 File scanning, blocking 185.81.97.78 for 5 minutes
Web App Attack
Anonymous
2023-12-02 13:33:29
(10 months ago)
(mod_security) mod_security (id:972687) triggered by 185.81.97.78 (IR/Iran/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Sat Dec 02 10:33:21.828193 2023] [security2:error] [pid 15313] [client 185.81.97.78:58770] [client 185.81.97.78] ModSecurity: Access denied with code 401 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "7"] [id "972687"] [msg "xmlrpc request blocked, no referrer"] [hostname "aninseto.com.br"] [uri "/xmlrpc.php"] [unique_id "ZWsyITYsZyPWOveQWfNjpAAAACE"]
[Sat Dec 02 10:33:22.901057 2023] [security2:error] [pid 15296] [client 185.81.97.78:37470] [client 185.81.97.78] ModSecurity: Access denied with code 401 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "7"] [id "972687"] [msg "xmlrpc request blocked, no referrer"] [hostname "aninseto.com.br"] [uri "/xmlrpc.php"] [unique_id "ZWsyIukGw_aHV0e8-Bn1OAAAABc"]
Port Scan
MAGIC
2023-11-30 15:09:32
(10 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2023-11-27 07:00:21
(10 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Jim Keir
2023-11-24 15:33:52
(10 months ago)
2023-11-24 15:33:52 185.81.97.78 File scanning, blocking 185.81.97.78 for 5 minutes
Web App Attack
mnsf
2023-11-20 23:07:24
(10 months ago)
Xmlrpc Caught (6)
Brute-Force
Web App Attack
mnsf
2023-11-18 22:04:30
(10 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
TPI-Abuse
2023-11-17 23:24:25
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 185.81.97.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 17 18:24:20.443188 2023] [security2:error] [pid 16084] [client 185.81.97.78:53042] [client 185.81.97.78] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hoodiemaster.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hoodiemaster.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZVf2JKU74X4wbAM6MQD3iQAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-11-17 10:06:25
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 185.81.97.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 17 05:06:21.146886 2023] [security2:error] [pid 15944:tid 47887043802880] [client 185.81.97.78:41316] [client 185.81.97.78] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ccp.com.ec|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ccp.com.ec"] [uri "/wp-json/wp/v2/users"] [unique_id "ZVc7HayPL0AULV0odFmCzQAAAI0"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2023-11-13 14:31:23
(10 months ago)
(mod_security) mod_security (id:972687) triggered by 185.81.97.78 (IR/Iran/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: [Mon Nov 13 11:31:19.843893 2023] [security2:error] [pid 14555] [client 185.81.97.78:57712] [client 185.81.97.78] ModSecurity: Access denied with code 401 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "7"] [id "972687"] [msg "xmlrpc request blocked, no referrer"] [hostname "agkarmas.com.br"] [uri "/xmlrpc.php"] [unique_id "ZVIzN4XxOxWRNdidL5l0dQAAAD0"]
[Mon Nov 13 11:31:21.442333 2023] [security2:error] [pid 14551] [client 185.81.97.78:57722] [client 185.81.97.78] ModSecurity: Access denied with code 401 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "7"] [id "972687"] [msg "xmlrpc request blocked, no referrer"] [hostname "www.agkarmas.com.br"] [uri "/xmlrpc.php"] [unique_id "ZVIzOVySiue4MTYMdgiQDgAAADc"]
Port Scan
Swiptly
2023-11-12 21:43:39
(10 months ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
ipoac.nl
2023-11-12 09:00:11
(10 months ago)
2023-11-12T10:00:10.571920+01:00 ipoac.nl wordpress(5fm.nu)[2772577]: XML-RPC authentication failure for luc from 185.81.97.78
Web App Attack
wnbhosting.dk
2023-10-27 15:49:12
(11 months ago)
WP xmlrpc [2023-10-27T17:49:12+02:00]
Hacking
Web App Attack
wnbhosting.dk
2023-10-27 03:20:37
(11 months ago)
WP xmlrpc [2023-10-27T05:20:37+02:00]
Hacking
Web App Attack