๐ต๐ฑ
sefinek.net
2024-10-16 23:58:53
(1 year ago)
Triggered Cloudflare WAF (firewallCustom) from KR.
Action taken: BLOCK
ASN: 16509 (AMAZON-02)
Protoc ...
show more
Triggered Cloudflare WAF (firewallCustom) from KR.
Action taken: BLOCK
ASN: 16509 (AMAZON-02)
Protocol: HTTP/1.1 (method GET)
Domain: pride.sefinek.net
Endpoint: /wp-login.php
Timestamp: 2024-10-16T23:55:18Z
Ray ID: 8d3bfaa0094cd1e3
Rule ID: 28ce88ae31c84d638aec7f360a4f64af
UA: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0
Report generated by Node-Cloudflare-WAF-AbuseIPDB https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
Gwyneth Llewelyn
2024-10-16 22:08:24
(1 year ago)
2406:da12:f12:e500:cb2d:76d7:3fdf:f9db - - [16/Oct/2024:23:08:22 +0100] "GET /wp-login.php HTTP/2.0" ...
show more
2406:da12:f12:e500:cb2d:76d7:3fdf:f9db - - [16/Oct/2024:23:08:22 +0100] "GET /wp-login.php HTTP/2.0" 404 994 "http://projects.betatechnologies.info/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0"
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2024-10-16 20:15:53
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown ...
show more
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 16:15:46.526729 2024] [security2:error] [pid 21896:tid 21896] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db:36700] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.fatcavestudios.fatcavemedia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.fatcavestudios.fatcavemedia.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZxAe8luHhNbhp4PrmDliswAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-10-16 19:55:28
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown ...
show more
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 15:55:22.941063 2024] [security2:error] [pid 6782:tid 6782] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db:45700] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.amsterdamlayovers.thinkingepic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.amsterdamlayovers.thinkingepic.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZxAaKjIrkv_f4Q223m1c7gAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-10-16 18:59:34
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown ...
show more
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 14:59:28.807257 2024] [security2:error] [pid 2674:tid 2692] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db:41538] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gabegabel.prismatik.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gabegabel.prismatik.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZxANEAdjTe1OVSNSn0veoQAAAQg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-10-15 14:26:19
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown ...
show more
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 10:26:15.746882 2024] [security2:error] [pid 5178:tid 5178] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db:59952] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||manaplas.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "manaplas.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw57h49zAaq3Jh2R9HmlgQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2024-10-15 13:06:10
(1 year ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
LRob
2024-10-14 21:11:24
(1 year ago)
Failed login attempt detected by Fail2Ban in plesk-apache jail
Web App Attack
Anonymous
2024-10-14 08:05:25
(1 year ago)
Failed login attempt detected by Fail2Ban in plesk-apache jail
Web App Attack
๐ณ๐ฑ
Roderic
2024-10-14 05:23:07
(1 year ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 2406:da12:f12:e500:cb2d: ...
show more
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (KR/South Korea/-)
show less
Port Scan
๐ฉ๐ช
ger-stg-sifi1
2024-10-14 04:34:56
(1 year ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-10-13 20:25:55
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown ...
show more
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 16:25:50.325228 2024] [security2:error] [pid 3371:tid 3371] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db:40896] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mfleetservice.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mfleetservice.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zwwszn2dshNEPi7BlTGTXAAAAAM"], referer: http://mfleetservice.net///wp-json/wp/v2/users/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-10-13 20:03:12
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown ...
show more
(mod_security) mod_security (id:225170) triggered by 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 16:03:07.919616 2024] [security2:error] [pid 29298:tid 29298] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db:40094] [client 2406:da12:f12:e500:cb2d:76d7:3fdf:f9db] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cpectec.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cpectec.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZwwnezsABegu_25VzJlA-gAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2024-10-11 05:25:15
(1 year ago)
1.588 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
๐ฌ๐ง
Swiptly
2024-10-11 05:12:25
(1 year ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack