TPI-Abuse
2024-11-03 21:56:53
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 16:56:49.561127 2024] [security2:error] [pid 2556048:tid 2556048] [client 3.101.16.52:60536] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||oshadega.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "oshadega.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyfxoQzfgotsJ7Sne-_fgQAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 21:40:47
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 16:40:44.678736 2024] [security2:error] [pid 1140:tid 1140] [client 3.101.16.52:63557] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||exhaustthelimits.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "exhaustthelimits.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zyft3BCF24VnFF55cTeBmgAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 21:20:51
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 16:20:48.680323 2024] [security2:error] [pid 4366:tid 4366] [client 3.101.16.52:54555] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sharonmauldin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sharonmauldin.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyfpMCOYe9J8blj0I1kETgAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 20:47:07
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 15:47:04.201081 2024] [security2:error] [pid 3432:tid 3432] [client 3.101.16.52:60083] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.naturephotographyadventures.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.naturephotographyadventures.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "ZyfhSCe643Hh2K0z-9cBKAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
taivas.nl
2024-11-03 19:32:10
(2 months ago)
Bad_requests
Bad Web Bot
TPI-Abuse
2024-11-03 19:12:16
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 14:12:10.245647 2024] [security2:error] [pid 29436:tid 29450] [client 3.101.16.52:56867] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||catishly.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "catishly.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyfLCtPRXBAAXKT47HRVFQAAAQw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 18:47:32
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 13:47:27.466782 2024] [security2:error] [pid 22852:tid 22852] [client 3.101.16.52:60294] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.andiamocomputers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.andiamocomputers.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyfFP6MDax9tD9j74yRKeQAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 18:20:26
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 13:20:19.905336 2024] [security2:error] [pid 25039:tid 25039] [client 3.101.16.52:62587] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rochesterhistorical.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rochesterhistorical.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zye-428IcteClFgVkVM0RgAAABQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-03 18:20:26
(2 months ago)
(wordpress) Failed wordpress login from 3.101.16.52 (US/United States/ec2-3-101-16-52.us-west-1.comp ... show more (wordpress) Failed wordpress login from 3.101.16.52 (US/United States/ec2-3-101-16-52.us-west-1.compute.amazonaws.com) show less
Brute-Force
TPI-Abuse
2024-11-03 17:37:24
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 12:37:19.693775 2024] [security2:error] [pid 27172:tid 27172] [client 3.101.16.52:53323] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.jaspergoss.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.jaspergoss.info"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zye0zyC-9kQZdPo_OVk0JgAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
N3ilawx
2024-11-03 17:19:27
(2 months ago)
Fail2Ban detect something wrong with this ip 3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:25 +0000]< ... show more Fail2Ban detect something wrong with this ip 3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:25 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:25 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:25 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:26 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:26 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:26 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:26 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:26 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:27 +0000]
3.101.16.52 - GET - 404 - [03/Nov/2024:17:19:27 +0000]
... show less
Brute-Force
Web App Attack
Dolphi
2024-11-03 17:10:02
(2 months ago)
POST //xmlrpc.php
Brute-Force
Web App Attack
mnsf
2024-11-03 17:06:19
(2 months ago)
Xmlrpc Caught (14)
Too many Status 40X (24)
Scanning/Probing (20)
Brute-Force
Web App Attack
pusathosting.com
2024-11-03 17:00:09
(2 months ago)
2ds22 bruteforce
Brute-Force
Web App Attack
TPI-Abuse
2024-11-03 16:51:43
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 11:51:38.929015 2024] [security2:error] [pid 10249:tid 10249] [client 3.101.16.52:54458] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.darkalleyproductions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.darkalleyproductions.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyeqGu4EOtXWyCXL9SjQPAAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack