TPI-Abuse
2024-06-17 23:21:52
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): ... show more (mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 17 19:21:44.131658 2024] [security2:error] [pid 19475] [client 2a06:6440:0:2c6e::1:59034] [client 2a06:6440:0:2c6e::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ipv6.inquisitivequincie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ipv6.inquisitivequincie.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZnDFCPcggHc7cswwEGsiRgAAABY"] show less
Brute-Force
Brute-Force
Bad Web Bot
Bad Web Bot
Web App Attack
Web App Attack
TPI-Abuse
2024-06-17 21:37:07
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): ... show more (mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 17 17:37:01.125551 2024] [security2:error] [pid 3678448:tid 47801170974464] [client 2a06:6440:0:2c6e::1:12398] [client 2a06:6440:0:2c6e::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.whatismetamodern.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.whatismetamodern.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZnCsfUjn4O1dicUKAACG5wAAABQ"] show less
Brute-Force
Brute-Force
Bad Web Bot
Bad Web Bot
Web App Attack
Web App Attack
TPI-Abuse
2024-06-17 21:12:55
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): ... show more (mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 17 17:12:48.183687 2024] [security2:error] [pid 21013] [client 2a06:6440:0:2c6e::1:40620] [client 2a06:6440:0:2c6e::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.paramountcapital.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.paramountcapital.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZnCm0I7gadw_Oz1e_JQVRwAAAAc"] show less
Brute-Force
Brute-Force
Bad Web Bot
Bad Web Bot
Web App Attack
Web App Attack
Hirte
2024-06-17 20:54:47
(2 months ago)
MYH: Web Attack GET /wp-login.php
Web Spam
Web Spam
Hacking
Hacking
Bad Web Bot
Bad Web Bot
Web App Attack
Web App Attack
Anonymous
2024-06-17 20:48:49
(2 months ago)
Jun 17 23:48:49 mail haproxy[1380]: 2a06:6440:0:2c6e::1:45450 [17/Jun/2024:23:48:49.318] http-in htt ... show more Jun 17 23:48:49 mail haproxy[1380]: 2a06:6440:0:2c6e::1:45450 [17/Jun/2024:23:48:49.318] http-in http-in/<NOSRV> -1/-1/-1/-1/0 503 216 - - SC-- 1/1/0/0/0 0/0 "GET /wp-login.php HTTP/1.1"
... show less
Brute-Force
Brute-Force
Web App Attack
Web App Attack
ger-stg-sifi1
2024-06-17 07:52:05
(2 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
Web App Attack
Ba-Yu
2024-06-15 14:22:38
(2 months ago)
WP-xmlrpc exploit
Web Spam
Web Spam
Blog Spam
Blog Spam
Hacking
Hacking
Exploited Host
Exploited Host
Web App Attack
Web App Attack
weblite
2024-06-14 19:44:02
(2 months ago)
WP_AUTHOR_SCANNING WP_XMLRPC_ABUSE
Brute-Force
Brute-Force
Web App Attack
Web App Attack
MAGIC
2024-06-13 07:03:05
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
eminovic.ba
2024-06-10 03:28:53
(3 months ago)
Wordpress attack
...
Hacking
Brute-Force
Web App Attack
weblite
2024-06-04 09:13:19
(3 months ago)
WP_AUTHOR_SCANNING WP_XMLRPC_ABUSE
Brute-Force
Web App Attack
TPI-Abuse
2024-06-03 11:04:13
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): ... show more (mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 07:04:06.513040 2024] [security2:error] [pid 18912] [client 2a06:6440:0:2c6e::1:41640] [client 2a06:6440:0:2c6e::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.doreenkimura.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.doreenkimura.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zl2jJtUK-kGdazaameMxMQAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-03 10:44:52
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): ... show more (mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 06:44:47.769301 2024] [security2:error] [pid 4122] [client 2a06:6440:0:2c6e::1:4850] [client 2a06:6440:0:2c6e::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ferrarapanfitness.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ferrarapanfitness.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zl2enyZNHkJtM7GgR091awAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-03 10:25:02
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): ... show more (mod_security) mod_security (id:225170) triggered by 2a06:6440:0:2c6e::1 (web860.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 06:24:53.254278 2024] [security2:error] [pid 1467540] [client 2a06:6440:0:2c6e::1:63228] [client 2a06:6440:0:2c6e::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.d-sinema.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.d-sinema.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zl2Z9ZHoz2duhz2SU-ekiwAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Roderic
2024-06-03 06:43:31
(3 months ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 2a06:6440:0:2c6e::1 (UA/ ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 2a06:6440:0:2c6e::1 (UA/Ukraine/-) show less
Port Scan