axllent
2024-08-08 08:09:18
(2 months ago)
Wordpress login scanning
Brute-Force
Web App Attack
Anonymous
2024-08-07 12:31:02
(2 months ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2024-08-07 06:52:08
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 196.189.192.99 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 196.189.192.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 02:52:03.855038 2024] [security2:error] [pid 26014:tid 26014] [client 196.189.192.99:12450] [client 196.189.192.99] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tradersworldmarket.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tradersworldmarket.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrMZk7dRc324z7tfo4RU5gAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-08-06 12:01:29
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-08-05 11:22:35
(2 months ago)
196.189.192.99 - - [05/Aug/2024:13:22:04 +0200] "GET /wp-login.php HTTP/1.1" 404 43336 "-" "Mozilla/ ... show more 196.189.192.99 - - [05/Aug/2024:13:22:04 +0200] "GET /wp-login.php HTTP/1.1" 404 43336 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [05/Aug/2024:13:22:05 +0200] "GET /xmlrpc.php HTTP/1.1" 404 35918 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [05/Aug/2024:13:22:06 +0200] "GET /wp-login.php HTTP/1.1" 404 35915 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [05/Aug/2024:13:22:06 +0200] "GET /xmlrpc.php HTTP/1.1" 404 35918 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [05/Aug/2024:13:22:31 +0200] "GET /wp-login.php HTTP/1.1" 404 59729 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [05/Aug/2024:13:22:32 +0200] "GET /xmlrpc.php HTTP/1.1" 404 52219 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [05/Aug/2
... show less
Brute-Force
TPI-Abuse
2024-08-04 12:17:46
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 196.189.192.99 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 196.189.192.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 04 08:17:41.113394 2024] [security2:error] [pid 8970:tid 8970] [client 196.189.192.99:43550] [client 196.189.192.99] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.newdirectionsinmusic.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zq9xZdPhmysSP4w6ENdnngAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-31 21:43:55
(3 months ago)
Malicious activity detected
Hacking
Web App Attack
Steve
2024-05-27 13:03:00
(5 months ago)
Attempts against non-existent wordpress site
Brute-Force
Web App Attack
Bytemark
2024-05-27 09:21:45
(5 months ago)
196.189.192.99 - - [27/May/2024:10:21:44 +0100] "GET /wp-login.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 ... show more 196.189.192.99 - - [27/May/2024:10:21:44 +0100] "GET /wp-login.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [27/May/2024:10:21:44 +0100] "GET /xmlrpc.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [27/May/2024:10:21:44 +0100] "GET /wp-login.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" show less
Brute-Force
Web App Attack
diego
2024-03-28 12:04:26
(7 months ago)
Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 3600 seconds
DDoS Attack
jcbriar
2024-02-01 02:03:00
(9 months ago)
Searching for vulnerable scripts
Hacking
Web App Attack
URAN Publishing Service
2024-01-31 13:23:54
(9 months ago)
196.189.192.99 - - [31/Jan/2024:15:23:48 +0200] "GET /wp-login.php HTTP/1.1" 404 4783 "-" "Mozilla/5 ... show more 196.189.192.99 - - [31/Jan/2024:15:23:48 +0200] "GET /wp-login.php HTTP/1.1" 404 4783 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
196.189.192.99 - - [31/Jan/2024:15:23:50 +0200] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
... show less
Web App Attack
axllent
2024-01-30 11:38:03
(9 months ago)
Wordpress login scanning
Brute-Force
Web App Attack
TPI-Abuse
2024-01-30 11:02:36
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 196.189.192.99 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 196.189.192.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 30 06:02:29.466524 2024] [security2:error] [pid 24642:tid 47693284022016] [client 196.189.192.99:33155] [client 196.189.192.99] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.guitarprimer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.guitarprimer.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZbjXRZG-gizf5CWW6OttdgAAAE8"] show less
Brute-Force
Bad Web Bot
Web App Attack
niceshops.com
2024-01-17 19:30:22
(9 months ago)
Web Attack ([17/Jan/2024:20:30:22.007] GET /wp-login.php)
Web App Attack