Ba-Yu
2025-01-20 16:40:13
(1 day ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
Cloudkul Cloudkul
2025-01-19 06:45:08
(2 days ago)
Multiple unauthorized attempts to access web resources
Brute-Force
Web App Attack
TPI-Abuse
2025-01-17 19:04:33
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 2a01:4f8:c012:fbb4::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 17 14:04:28.204047 2025] [security2:error] [pid 17544:tid 17544] [client 2a01:4f8:c012:fbb4::1:33196] [client 2a01:4f8:c012:fbb4::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.ewingmissouri.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.ewingmissouri.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4qpvDsNIibJ4N3KaoWB3QAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-17 18:25:22
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 2a01:4f8:c012:fbb4::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 17 13:25:18.083602 2025] [security2:error] [pid 2710437:tid 2710437] [client 2a01:4f8:c012:fbb4::1:52370] [client 2a01:4f8:c012:fbb4::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||beirutbazar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "beirutbazar.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4qgji9lUpqvPy-DT_W4dQAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-17 13:42:56
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 2a01:4f8:c012:fbb4::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 17 08:42:52.473021 2025] [security2:error] [pid 2938236:tid 2938236] [client 2a01:4f8:c012:fbb4::1:48144] [client 2a01:4f8:c012:fbb4::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grandpont-house.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grandpont-house.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4peXO7yy1Lad0iajDKD3AAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-17 10:20:01
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 2a01:4f8:c012:fbb4::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 17 05:19:55.470257 2025] [security2:error] [pid 25296:tid 25296] [client 2a01:4f8:c012:fbb4::1:49204] [client 2a01:4f8:c012:fbb4::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.lifeplannutrition.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.lifeplannutrition.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4ouy0cUxEDdf4HIzN2a6wAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-17 09:13:23
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 2a01:4f8:c012:fbb4::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 17 04:13:16.683366 2025] [security2:error] [pid 26439:tid 26439] [client 2a01:4f8:c012:fbb4::1:52826] [client 2a01:4f8:c012:fbb4::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||portlunchgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "portlunchgroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4ofLH5_sQ8E7jbCuIfvLwAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-16 17:41:38
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 2a01:4f8:c012:fbb4::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 16 12:41:33.386994 2025] [security2:error] [pid 8333:tid 8333] [client 2a01:4f8:c012:fbb4::1:59884] [client 2a01:4f8:c012:fbb4::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.elimer.com.ve|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.elimer.com.ve"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4lEzb1996fFwhem2b_0jAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
BlueWire Hosting
2025-01-13 21:10:06
(1 week ago)
Probing for WordPress vulnerabilities
Bad Web Bot
Web App Attack
maxxsense
2025-01-13 15:31:32
(1 week ago)
(wordpress) Failed wordpress login from 2a01:4f8:c012:fbb4::1 (DE/Germany/-)
Brute-Force
SpaceHost-Server
2025-01-13 08:55:50
(1 week ago)
2a01:4f8:c012:fbb4::1 - - [13/Jan/2025:09:55:48 +0100] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
2a01:4f8:c012:fbb4::1 - - [13/Jan/2025:09:55:49 +0100] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
2a01:4f8:c012:fbb4::1 - - [13/Jan/2025:09:55:50 +0100] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
Hacking
Web App Attack
Anonymous
2025-01-13 01:02:42
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-01-12 00:50:58
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
nv
2025-01-11 21:00:13
(1 week ago)
2a01:4f8:c012:fbb4::1 - - [11/Jan/2025:22:00:02 +0100] "POST /xmlrpc.php HTTP/2.0" 403 107 "-" "Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
Bad Web Bot
Anonymous
2025-01-11 05:18:19
(1 week ago)
xmlrpc attack blocked attempt from fail2ban
...
Web App Attack