Anonymous
2024-08-17 02:21:34
(3 weeks ago)
Bot / scanning and/or hacking attempts: GET /wp-login.php HTTP/1.1
Hacking
Web App Attack
ISPLtd
2024-08-17 01:08:23
(3 weeks ago)
207.148.118.84 - - [16/Aug/2024:22:08:21 -0300] "GET /wp-login.php
207.148.118.84 - /wp-login.php [16/Aug/2024:22:08:22 -0300] "GET /wp-login.php
Hacking
Web App Attack
TPI-Abuse
2024-08-16 20:42:00
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 207.148.118.84 (207.148.118.84.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 16:41:56.010908 2024] [security2:error] [pid 29174:tid 29174] [client 207.148.118.84:40458] [client 207.148.118.84] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dokuzadabirdeniz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dokuzadabirdeniz.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zr-5lFloF-jQOpYm0j6bzQAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
iNetWorker
2024-08-16 19:00:23
(3 weeks ago)
trolling for resource vulnerabilities
Web App Attack
Anonymous
2024-08-16 18:59:22
(3 weeks ago)
207.148.118.84 - - [16/Aug/2024:20:59:21 +0200] "GET /wp-login.php HTTP/1.1" 403 363 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0"
Web App Attack
Anonymous
2024-08-16 18:27:26
(3 weeks ago)
wordpress-trap
Web App Attack
corthorn
2024-08-16 11:02:08
(3 weeks ago)
207.148.118.84 - - [16/Aug/2024:13:02:07 +0200] "POST /xmlrpc.php HTTP/1.1" 403 4193 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0"
Brute-Force
Axel
2024-08-16 10:54:22
(3 weeks ago)
Attempted access to sensitive WordPress file: xmlrpc.php.
Brute-Force
Web App Attack
SSH
mawan
2024-08-16 09:28:17
(3 weeks ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
jasperedv.de
2024-08-16 07:02:06
(3 weeks ago)
Apache Login - Brute-forcing
Brute-Force
Web App Attack
Anonymous
2024-08-16 05:45:35
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-08-15 23:42:36
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 207.148.118.84 (207.148.118.84.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 19:42:28.562832 2024] [security2:error] [pid 20219:tid 20219] [client 207.148.118.84:38532] [client 207.148.118.84] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.puckerbikini.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.puckerbikini.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zr6SZA9WV_eTXeYX--raEgAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 20:52:09
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 207.148.118.84 (207.148.118.84.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 16:52:02.503574 2024] [security2:error] [pid 24904:tid 24904] [client 207.148.118.84:50756] [client 207.148.118.84] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||suntanner.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "suntanner.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zr5qcsjj2elBBH-0MaCl3QAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-15 20:48:00
(3 weeks ago)
wordpress-trap
Web App Attack
Anonymous
2024-08-15 19:27:49
(3 weeks ago)
wordpress-trap
Web App Attack