OiledAmoeba
2024-08-16 13:57:04
(3 weeks ago)
2a12:5940:ab62::2 - - [16/Aug/2024:15:57:00 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 258 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.846 "-"
2a12:5940:ab62::2 - - [16/Aug/2024:15:57:01 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 256 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.572 "-"
2a12:5940:ab62::2 - - [16/Aug/2024:15:57:02 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 291 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.551 "-"
2a12:5940:ab62::2 - - [16/Aug/2024:15:57:02 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.454 "-"
2a12:5940:ab62::2 - - [16/Aug/2024:15:57:0
Brute-Force
TPI-Abuse
2024-08-16 04:07:54
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a12:5940:ab62::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 00:07:47.355091 2024] [security2:error] [pid 17583:tid 17583] [client 2a12:5940:ab62::2:52372] [client 2a12:5940:ab62::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.bickleton.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.bickleton.org"] [uri "/driving-directions/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr7QkziyJcbI6BEO0Irj7gAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 03:32:42
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a12:5940:ab62::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 23:32:33.865109 2024] [security2:error] [pid 2130:tid 2130] [client 2a12:5940:ab62::2:60018] [client 2a12:5940:ab62::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||1954topresent.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "1954topresent.com"] [uri "/blog/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr7IUSnD8oh6r4ySOu7dtQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 01:19:56
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a12:5940:ab62::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 21:19:47.737706 2024] [security2:error] [pid 13081:tid 13081] [client 2a12:5940:ab62::2:41150] [client 2a12:5940:ab62::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.ideaofauniversity.website"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr6pMyj0K7KpfCU4Zamf9wAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 19:20:56
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a12:5940:ab62::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 15:20:49.094528 2024] [security2:error] [pid 534:tid 534] [client 2a12:5940:ab62::2:43988] [client 2a12:5940:ab62::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.comobarbershop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.comobarbershop.com"] [uri "/uncategorized/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr5VEf6MyIYAA8lHmoMtJwAAACU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 15:15:42
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a12:5940:ab62::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 11:15:32.452840 2024] [security2:error] [pid 26269:tid 26269] [client 2a12:5940:ab62::2:54266] [client 2a12:5940:ab62::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||newcitypark.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "newcitypark.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr4blDcuIsgGagS0NpFnRwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-08-15 15:10:54
(3 weeks ago)
15/Aug/2024:17:10:54.151305 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 2a12:5940:ab62::2] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [ta
Hacking
Web App Attack
el-brujo
2024-08-15 12:42:16
(3 weeks ago)
15/Aug/2024:14:42:16.233664 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 2a12:5940:ab62::2] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [ta
Hacking
Web App Attack
chr70
2024-08-15 12:27:00
(3 weeks ago)
Scanning for vulnerabilities
Web App Attack
Cloudkul Cloudkul
2024-08-15 12:18:14
(3 weeks ago)
Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests.
Brute-Force
Web App Attack
applemooz
2024-08-15 05:47:12
(3 weeks ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
el-brujo
2024-08-15 05:24:29
(3 weeks ago)
15/Aug/2024:07:24:29.273027 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 2a12:5940:ab62::2] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [ta
Hacking
Web App Attack
el-brujo
2024-08-14 23:37:29
(4 weeks ago)
15/Aug/2024:01:37:28.941308 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 2a12:5940:ab62::2] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [ta
Hacking
Web App Attack
el-brujo
2024-08-14 21:03:12
(4 weeks ago)
14/Aug/2024:23:03:12.066696 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 2a12:5940:ab62::2] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [ta
Hacking
Web App Attack
4server
2024-08-14 15:53:43
(4 weeks ago)
[WedAug1417:53:35.3518202024][security2:error][pid449059:tid449120][client2a12:5940:ab62::2:0][client2a12:5940:ab62::2]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"connector\\\\\\\\.minimal\\\\\\\\.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"306\"][id\"393781\"][rev\"1\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:WordPressFileManagerPluginattackblocked\"][severity\"CRITICAL\"][hostname\"giftech.ch\"][uri\"/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php\"][unique_id\"ZrzS_y2PVO5j9_FAD0y1fAAAAMY\"][WedAug1417:53:37.0465612024][security2:error][pid449059:tid449120][client2a12:5940:ab62::2:0][client2a12:5940:ab62::2]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"connector\\\\\\\\.minimal\\\\\\\\.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"306\"][id\"393781\"][rev\"1\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:WordPressFileManagerPluginattackblocked\"][severity\"CRITICAL\
Port Scan
Brute-Force
Web App Attack