Mediashaker
2024-09-25 07:33:44
(2 weeks ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 216.24.212.180 (US/United States/-)
Port Scan
Anonymous
2024-09-25 00:04:56
(2 weeks ago)
wordpress-trap
Web App Attack
TPI-Abuse
2024-09-12 23:08:15
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 19:08:10.009899 2024] [security2:error] [pid 18536:tid 18536] [client 216.24.212.180:1603] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nationalenq.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nationalenq.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuN0WpRWXPzSLYv2mcGpCQAAAGk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 22:52:57
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 18:52:43.014730 2024] [security2:error] [pid 17010:tid 17010] [client 216.24.212.180:8987] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bethanyeyecenter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bethanyeyecenter.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuNwuygTAP_spfEtrQkvAwAAADs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 22:35:25
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 18:33:38.608838 2024] [security2:error] [pid 5113:tid 5113] [client 216.24.212.180:44691] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 216.24.212.180 (+1 hits since last alert)|www.3penguinsdesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.3penguinsdesign.com"] [uri "/xmlrpc.php"] [unique_id "ZuNsQtxb7yH_JnlXn06O4gAAAG4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 22:07:20
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 18:05:18.862344 2024] [security2:error] [pid 8451:tid 8451] [client 216.24.212.180:17673] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mcbrearty.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mcbrearty.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuNlnhIBwIoZLxkdELTdSwAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 21:50:39
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 17:50:20.471917 2024] [security2:error] [pid 19198:tid 19198] [client 216.24.212.180:36907] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.numbulary.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.numbulary.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuNiHJpw9fZ6xYx7vyGzfgAAAB0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 21:08:07
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 17:06:56.321012 2024] [security2:error] [pid 502:tid 502] [client 216.24.212.180:58581] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 216.24.212.180 (+1 hits since last alert)|sarawagnergrants.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sarawagnergrants.com"] [uri "/xmlrpc.php"] [unique_id "ZuNX8AUlPP86GzbM4yeExgAAADY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 20:36:22
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 16:34:44.626152 2024] [security2:error] [pid 24210:tid 24210] [client 216.24.212.180:17091] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.calogerolawfirm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.calogerolawfirm.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuNQZKuWEwuqx5zKtYF7WwAAAD0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 20:09:30
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 16:09:23.938124 2024] [security2:error] [pid 1911713:tid 1911730] [client 216.24.212.180:27955] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.soundinstitute.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.soundinstitute.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuNKc38sEV6iMPPg3d9ztQAAAI8"]
Brute-Force
Bad Web Bot
Web App Attack
JJR
2024-08-26 11:55:35
(1 month ago)
Automated report (2024-08-26T04:55:35-07:00). Hack attempt detected.
Open Proxy
Hacking
TPI-Abuse
2024-07-13 22:38:44
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 216.24.212.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 13 18:38:38.377989 2024] [security2:error] [pid 17141] [client 216.24.212.180:60943] [client 216.24.212.180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "varalla.com"] [uri "/api/.env"] [unique_id "ZpMB7jbJQfygEqAHNoAxswAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Linuxmalwarehuntingnl
2024-07-03 07:06:50
(3 months ago)
Unauthorized connection attempt
Brute-Force
Anonymous
2024-07-02 00:39:52
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-06-28 18:09:18
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot