TPI-Abuse
2024-12-07 08:40:26
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 197.237.167.106 (197.237.167.106.wananchi.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 03:40:21.817721 2024] [security2:error] [pid 32700:tid 32700] [client 197.237.167.106:51899] [client 197.237.167.106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.internetgamblingsites.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.internetgamblingsites.net"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z1QJ9VDNC1Iuk18p-lrt3AAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
JimArchon72
2024-12-04 09:05:01
(1 week ago)
2024/12/04 09:03:04 "GET /wp-login.php HTTP/1.1"
Web App Attack
octageeks.com
2024-11-16 05:06:54
(3 weeks ago)
Wordpress malicious attack:[octawpauthor]
Web App Attack
Xuan Can
2024-11-09 15:04:10
(1 month ago)
(mod_security) mod_security (id:6) triggered by 197.237.167.106 (KE/Kenya/197.237.167.106.wananchi.com): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 09 22:03:59.906202 2024] [security2:error] [pid 6613:tid 6663] [client 197.237.167.106:65399] [client 197.237.167.106] ModSecurity: Access denied with connection close (phase 2). Pattern match "wp-login.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "63"] [id "6"] [severity "CRITICAL"] [hostname "www.sieuthimaychu.vn"] [uri "/wp-login.php"] [unique_id "Zy953wlwXeaHxCV7zICdcwAAAJM"]
Brute-Force
SSH
selahattinalan
2024-11-08 12:37:30
(1 month ago)
197.237.167.106 - - [08/Nov/2024:15:37:29 +0300] "GET /xmlrpc.php HTTP/1.1" 404 370 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
Brute-Force
ManagedStack
2024-11-07 09:42:25
(1 month ago)
Wordpress Attack
Web App Attack
Anonymous
2024-10-28 09:20:58
(1 month ago)
Fail2Ban - Nginx Bot Probes
Web App Attack
TPI-Abuse
2024-10-19 09:17:08
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 197.237.167.106 (197.237.167.106.wananchi.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 19 05:17:00.977797 2024] [security2:error] [pid 18117:tid 18117] [client 197.237.167.106:56327] [client 197.237.167.106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cayman-islands-real-estate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cayman-islands-real-estate.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZxN5DC-_ne6EyFUrui1bFwAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-03 06:49:43
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 197.237.167.106 (197.237.167.106.wananchi.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 02:49:36.855612 2024] [security2:error] [pid 2807:tid 2807] [client 197.237.167.106:50681] [client 197.237.167.106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nwtree.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nwtree.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zv4-gKD8WX-H64PujMKnDwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-02 11:36:53
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 197.237.167.106 (197.237.167.106.wananchi.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 02 07:36:45.426834 2024] [security2:error] [pid 4691:tid 4691] [client 197.237.167.106:53394] [client 197.237.167.106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tradersworldmarket.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tradersworldmarket.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zv0wTRfI-qRO0h6LzLVAxgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Steve
2024-09-18 12:20:37
(2 months ago)
Attempts against non-existent wordpress site
Brute-Force
Web App Attack
Lemmy
2024-09-07 08:44:23
(3 months ago)
apache-noscript
Web App Attack
TPI-Abuse
2024-09-03 05:59:01
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 197.237.167.106 (197.237.167.106.wananchi.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 01:58:52.596733 2024] [security2:error] [pid 23907:tid 23907] [client 197.237.167.106:50172] [client 197.237.167.106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.newdirectionsinmusic.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZtalnGH8sL0WYFok-ec3oAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-08-21 14:06:23
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Sklurk
2024-08-21 13:30:55
(3 months ago)
Web App Attack
Web App Attack