TPI-Abuse
2024-12-05 19:19:33
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2400:8901::f03c:93ff:fe9f:a2b9 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 14:19:26.508520 2024] [security2:error] [pid 4201:tid 4208] [client 2400:8901::f03c:93ff:fe9f:a2b9:58890] [client 2400:8901::f03c:93ff:fe9f:a2b9] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||franklin.websitehomepages.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "franklin.websitehomepages.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1H8voxwSixgPuDJnUexugAAAQU"]
Brute-Force
Bad Web Bot
Web App Attack
Ba-Yu
2024-12-03 12:50:13
(1 month ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
TPI-Abuse
2024-11-26 07:06:12
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2400:8901::f03c:93ff:fe9f:a2b9 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 02:06:04.833621 2024] [security2:error] [pid 285778:tid 285778] [client 2400:8901::f03c:93ff:fe9f:a2b9:54684] [client 2400:8901::f03c:93ff:fe9f:a2b9] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grexicon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grexicon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0VzXGd9WYFOEyWDG__v9wAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
ghostwarriors
2024-11-24 10:50:03
(1 month ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
ksol-hostmaster
2024-11-24 10:19:21
(1 month ago)
2024/11/24 11:19:21 [error] 62635#312162: *3581570 access forbidden by rule, client: 2400:8901::f03c:93ff:fe9f:a2b9, server: revolutionbim.com, request: "POST /xmlrpc.php HTTP/1.1", host: "revolutionbim.com"
Web Spam
Swiptly
2024-11-23 08:08:05
(1 month ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
ghostwarriors
2024-11-22 09:50:09
(1 month ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
ksol-hostmaster
2024-11-22 09:19:54
(1 month ago)
2024/11/22 10:19:54 [error] 26724#681210: *2988029 access forbidden by rule, client: 2400:8901::f03c:93ff:fe9f:a2b9, server: revolutionbim.com, request: "POST /xmlrpc.php HTTP/1.1", host: "revolutionbim.com"
Web Spam
Anonymous
2024-11-21 12:39:39
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-11-12 20:01:43
(2 months ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
eminovic.ba
2024-11-07 20:27:45
(2 months ago)
Wordpress attack
...
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-11-06 00:13:37
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2400:8901::f03c:93ff:fe9f:a2b9 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 19:13:31.421601 2024] [security2:error] [pid 12586:tid 12586] [client 2400:8901::f03c:93ff:fe9f:a2b9:32538] [client 2400:8901::f03c:93ff:fe9f:a2b9] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||coolerboxes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "coolerboxes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zyq0q43hohCXNWtbUcb7rwAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-29 02:38:50
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2400:8901::f03c:93ff:fe9f:a2b9 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 22:38:45.730751 2024] [security2:error] [pid 22503:tid 22503] [client 2400:8901::f03c:93ff:fe9f:a2b9:13900] [client 2400:8901::f03c:93ff:fe9f:a2b9] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||usaangelinvestors.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "usaangelinvestors.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZyBKtdisbGDSzgFqdu71nwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-29 01:08:55
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2400:8901::f03c:93ff:fe9f:a2b9 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 21:08:52.558071 2024] [security2:error] [pid 3412:tid 3412] [client 2400:8901::f03c:93ff:fe9f:a2b9:57714] [client 2400:8901::f03c:93ff:fe9f:a2b9] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||aaattanasio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "aaattanasio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZyA1pJ3ZLEPyANDQ7jGefQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-28 23:42:02
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2400:8901::f03c:93ff:fe9f:a2b9 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 19:41:54.748168 2024] [security2:error] [pid 13799:tid 13799] [client 2400:8901::f03c:93ff:fe9f:a2b9:39618] [client 2400:8901::f03c:93ff:fe9f:a2b9] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.j3pr.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.j3pr.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZyAhQvande30WQ9v-XO0XQAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack