Axel
2024-08-25 21:25:41
(1 month ago)
Attempted access to sensitive WordPress file: xmlrpc.php.
Brute-Force
Web App Attack
SSH
TPI-Abuse
2024-08-25 21:00:52
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 17:00:44.211246 2024] [security2:error] [pid 29738:tid 29738] [client 2402:1f00:8100:b7:::35348] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.3penguinsdesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.3penguinsdesign.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsubfDYyPMGFaZ2VkdN1HAAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-25 19:40:51
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 15:40:44.318991 2024] [security2:error] [pid 29123:tid 29123] [client 2402:1f00:8100:b7:::41708] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.lahamradio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.lahamradio.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsuIvBEcTFH8tHS32hZm_gAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-25 18:02:11
(1 month ago)
Aug 25 21:02:10 mail haproxy[1528]: 2402:1f00:8100:b7:::17022 [25/Aug/2024:21:02:10.928] http-in http-in/<NOSRV> 0/-1/-1/-1/0 301 102 - - LR-- 1/1/0/0/0 0/0 "GET /wp-login.php HTTP/1.1"
Brute-Force
Web App Attack
TPI-Abuse
2024-08-25 10:10:18
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 06:10:09.356215 2024] [security2:error] [pid 28548:tid 28548] [client 2402:1f00:8100:b7:::41308] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||advisorstudios.cms2020.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "advisorstudios.cms2020.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZssDARLdyXbyumIRvdep1gAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-25 09:11:06
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 05:11:02.724296 2024] [security2:error] [pid 24029:tid 24029] [client 2402:1f00:8100:b7:::58522] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bluemarineboats.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bluemarineboats.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zsr1JryLhcnQ25oBQMzpngAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-25 08:52:38
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 04:52:30.986452 2024] [security2:error] [pid 12748:tid 12748] [client 2402:1f00:8100:b7:::58064] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.lakependoreillemobility.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lakependoreillemobility.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsrwznO-XD2dGkcWGDhq-AAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
conseilgouz
2024-08-25 05:28:50
(1 month ago)
doe-6 : Trying access system files=>/wp-login.php(wp-login.php)
Hacking
TPI-Abuse
2024-08-25 01:04:20
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 21:04:15.313557 2024] [security2:error] [pid 19574:tid 19574] [client 2402:1f00:8100:b7:::46910] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.genevaatlantic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.genevaatlantic.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsqDDzAHLJ-copvwbF2PjQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Hirte
2024-08-24 23:48:55
(1 month ago)
C2: Web Attack GET /wp-login.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-24 22:35:09
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 18:35:03.301697 2024] [security2:error] [pid 2948335:tid 2948338] [client 2402:1f00:8100:b7:::39322] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.honorac.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.honorac.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZspgF_dwKwNV4IP8x2sskwAAAME"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-24 21:51:43
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 17:51:38.975245 2024] [security2:error] [pid 1161177:tid 1161177] [client 2402:1f00:8100:b7:::58094] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jdeloa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jdeloa.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZspV6l0w6uKMgJId0A1MHQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-24 20:04:29
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2402:1f00:8100:b7:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 16:04:23.050287 2024] [security2:error] [pid 9565:tid 9565] [client 2402:1f00:8100:b7:::49474] [client 2402:1f00:8100:b7::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.stonehill.myomni.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.stonehill.myomni.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zso8xx3E4JbFZfPQ13D78QAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Axel
2024-08-24 09:44:32
(1 month ago)
Attempted access to sensitive WordPress file: xmlrpc.php.
Brute-Force
Web App Attack
SSH
ger-stg-sifi1
2024-08-24 06:59:11
(1 month ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack