Hirte
2024-09-14 13:42:36
(1 month ago)
ABV: Web Attack GET /edition-braus/wp-includes/wlwmanifest.xml
Web Spam
Hacking
Bad Web Bot
Web App Attack
eepyfemboi
2024-09-14 09:56:02
(1 month ago)
AUTOREPORT (some categories may be assigned inaccurately):
Incident began on 14-09-2024_02-56-02_AM.
Attack targeted domain: dwl-twitter.com.
Responsible IP: 3.106.213.77.
Likely used incorrect user agent: Yes.
Switched between user agents: False
Initial User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Logs can be found at the following addresses:
- https://eepy.io/abuse/3.106.213.77_14-09-2024_02-56-02_AM.txt
- https://sleepys.pet/abuse/3.106.213.77_14-09-2024_02-56-02_AM.txt
Log indexes:
- https://eepy.io/abuse
- https://sleepys.pet/abuse
Logs are mirrored on eepy.io (sleepie.dev) and sleepys.pet
Please notify me of a false report by tweeting (@) eepyfemboi on twitter.
Web Spam
Port Scan
Hacking
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-14 07:43:33
(1 month ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1
Hacking
Web App Attack
Vegascosmetics
2024-09-14 06:01:44
(1 month ago)
Excessive BAD Request Abuse
Bad Web Bot
TPI-Abuse
2024-09-14 05:12:30
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 3.106.213.77 (ec2-3-106-213-77.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 01:12:22.618648 2024] [security2:error] [pid 9188:tid 9188] [client 3.106.213.77:55700] [client 3.106.213.77] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gatlintire.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gatlintire.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuUbNmgCdUsY92TE5TEMiQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
ph
2024-09-14 05:00:05
(1 month ago)
Bad web bot attempting to run wp-includes on non-WP site
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-14 04:39:51
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 3.106.213.77 (ec2-3-106-213-77.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 00:39:47.572974 2024] [security2:error] [pid 12146:tid 12162] [client 3.106.213.77:49785] [client 3.106.213.77] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gmentz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gmentz.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuUTk0kLKtDFSaja_bspBAAAAE4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-14 04:02:40
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 3.106.213.77 (ec2-3-106-213-77.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 00:02:35.997666 2024] [security2:error] [pid 16230:tid 16230] [client 3.106.213.77:49702] [client 3.106.213.77] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||coconutpointlistings.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "coconutpointlistings.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuUK20r2V9nOpJ8M9sPF3QAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-14 01:31:36
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 3.106.213.77 (ec2-3-106-213-77.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 13 21:31:28.464933 2024] [security2:error] [pid 7906:tid 7906] [client 3.106.213.77:54719] [client 3.106.213.77] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mdgcontrols.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mdgcontrols.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuTncJA32E9jbVyC-X8K3gAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-14 01:20:51
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-14 00:06:11
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 3.106.213.77 (ec2-3-106-213-77.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 13 20:06:07.807770 2024] [security2:error] [pid 3996797:tid 3996834] [client 3.106.213.77:61584] [client 3.106.213.77] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||artmarialeon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "artmarialeon.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuTTb00n6DHYKkXVQWyOkQAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
eepyfemboi
2024-09-13 23:19:00
(1 month ago)
AUTOREPORT (some categories may be assigned inaccurately):
Incident began on 13-09-2024_04-19-00_PM.
Attack targeted domain: dwl-twitter.com.
Responsible IP: 3.106.213.77.
Likely used incorrect user agent: Yes.
Switched between user agents: False
Initial User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Logs can be found at the following addresses:
- https://eepy.io/abuse/3.106.213.77_13-09-2024_04-19-00_PM.txt
- https://sleepys.pet/abuse/3.106.213.77_13-09-2024_04-19-00_PM.txt
Log indexes:
- https://eepy.io/abuse
- https://sleepys.pet/abuse
Logs are mirrored on eepy.io (sleepie.dev) and sleepys.pet
Please notify me of a false report by tweeting (@) eepyfemboi on twitter.
Web Spam
Port Scan
Hacking
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-13 19:19:23
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 3.106.213.77 (ec2-3-106-213-77.ap-southeast-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 13 15:19:16.951516 2024] [security2:error] [pid 14982:tid 14982] [client 3.106.213.77:64254] [client 3.106.213.77] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.takeapawsboston.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.takeapawsboston.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuSQNIuC1TXtxmNU9d94owAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-09-13 18:28:44
(1 month ago)
1.557 requests to */xmlrpc.php
726 requests to */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot