Anonymous
2024-12-03 02:07:19
(1 month ago)
wordpress-trap
Web App Attack
TPI-Abuse
2024-12-03 01:53:45
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 20:53:39.221470 2024] [security2:error] [pid 24949:tid 24949] [client 206.198.150.51:35216] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||havilahmalone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "havilahmalone.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z05ko8F5jCoX6b05aq1NtAAAABg"], referer: http://youcametowin.com///wp-json/wp/v2/users/
Brute-Force
Bad Web Bot
Web App Attack
rakkor
2024-12-03 01:46:18
(1 month ago)
2024/12/03 01:46:16 [error] 28170#28170: *244314 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 206.198.150.51, server: , request: "GET /wp-login.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/php-925b669d-80ec-41dd-b8c8-bf5a26d831bf.sock:", host: "rakkor.uk"
...
Hacking
Brute-Force
quicksand
2024-11-25 14:11:42
(1 month ago)
Unsupported user agent typically used for Wordpress exploits [GET /wp-login.php] [Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0]
Bad Web Bot
Web App Attack
Anonymous
2024-11-25 14:09:44
(1 month ago)
wordpress-trap
Web App Attack
TheMadBeaker
2024-11-25 13:36:25
(1 month ago)
Fail2Ban Ban Triggered
Wordpress Attack Attempt
Brute-Force
Web App Attack
TPI-Abuse
2024-11-25 13:35:51
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 08:35:43.241323 2024] [security2:error] [pid 6433:tid 6433] [client 206.198.150.51:33724] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||clinegroupmarketplace.williamcline.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "clinegroupmarketplace.williamcline.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z0R9L6PzJsZi7sA-TwCz9gAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-22 18:47:48
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 22 13:47:44.328150 2024] [security2:error] [pid 959:tid 959] [client 206.198.150.51:47186] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fitnessgearmagazine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fitnessgearmagazine.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z0DR0K5BwHU-3JD0NbNUrwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-22 18:25:49
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 22 13:25:43.020261 2024] [security2:error] [pid 2414:tid 2488] [client 206.198.150.51:39732] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||victorchiarizia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "victorchiarizia.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z0DMpxPPjayxVgRv8vwDyAAAAVU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-22 17:58:28
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 22 12:58:24.840783 2024] [security2:error] [pid 12243:tid 12243] [client 206.198.150.51:41758] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||modalguitarist.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "modalguitarist.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z0DGQArrCvgHvnaa4d9uWgAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-22 17:30:42
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 22 12:30:35.264829 2024] [security2:error] [pid 21115:tid 21115] [client 206.198.150.51:51585] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||atmoorehealthcare.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "atmoorehealthcare.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z0C_u4CE7SHCyoN8GscRrwAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
rafamiga
2024-11-22 16:22:00
(1 month ago)
206.198.150.51 [22/Nov/2024:17:22:50 +0100] "GET /wp-login.php HTTP/1.0" 404 236 "http://*.pl/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0" 542
Port Scan
Web App Attack
Anonymous
2024-11-22 16:07:42
(1 month ago)
wordpress-trap
Web App Attack
selahattinalan
2024-11-22 08:15:57
(1 month ago)
4:12:17206.198.150.51 - - [22/Nov/2024:11:15:56 +0300] "POST /xmlrpc.php HTTP/1.1" 200 3578 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0"
Brute-Force
TPI-Abuse
2024-07-26 18:25:35
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 206.198.150.51 (206-198-150-51.cloud.skytap.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 26 14:25:29.372717 2024] [security2:error] [pid 10210:tid 10210] [client 206.198.150.51:48862] [client 206.198.150.51] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.onlinesuretybonds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.onlinesuretybonds.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZqPqGSVsAaNEC1vj_iqR_AAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack