rtbh.com.tr
2024-09-10 08:54:47
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
MAGIC
2024-09-08 08:06:37
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-09-08 07:43:58
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercon ... show more (mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 03:43:51.509607 2024] [security2:error] [pid 7340:tid 7340] [client 35.236.115.211:58933] [client 35.236.115.211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ismaelcavazos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ismaelcavazos.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt1Vt35jkWGTcbZrBguBmQAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
london2038.com
2024-09-08 07:29:52
(3 weeks ago)
Malformed or malicious web request
35.236.115.211 - - [08/Sep/2024:09:29:48 +0200] "" 400 0 "- ... show more Malformed or malicious web request
35.236.115.211 - - [08/Sep/2024:09:29:48 +0200] "" 400 0 "-" "-" show less
Hacking
Web App Attack
TPI-Abuse
2024-09-08 07:13:10
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercon ... show more (mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 03:13:04.886434 2024] [security2:error] [pid 380:tid 380] [client 35.236.115.211:49196] [client 35.236.115.211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.charlescastleman.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.charlescastleman.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt1OgBJihQkN0PekUai_tAAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
gu-alvareza
2024-09-08 07:05:12
(3 weeks ago)
WordPress.REST.API.Username.Enumeration.Information.Disclosure
Web App Attack
TPI-Abuse
2024-09-08 06:30:47
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercon ... show more (mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 02:30:39.888909 2024] [security2:error] [pid 8317:tid 8317] [client 35.236.115.211:57930] [client 35.236.115.211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.newdirectionsinmusic.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt1Ej0MhRC_KMcX1mDhobQAAABU"] show less
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-09-08 06:27:38
(3 weeks ago)
35.162 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
Anonymous
2024-09-08 06:26:18
(3 weeks ago)
Bad Web Bot
Web App Attack
Dolphi
2024-09-08 06:20:02
(3 weeks ago)
POST //xmlrpc.php
Brute-Force
Web App Attack
maxxsense
2024-09-08 06:10:15
(3 weeks ago)
(wordpress) Failed wordpress login from 35.236.115.211 (US/United States/211.115.236.35.bc.googleuse ... show more (wordpress) Failed wordpress login from 35.236.115.211 (US/United States/211.115.236.35.bc.googleusercontent.com) show less
Brute-Force
TPI-Abuse
2024-09-08 06:08:35
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercon ... show more (mod_security) mod_security (id:225170) triggered by 35.236.115.211 (211.115.236.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 02:08:27.954689 2024] [security2:error] [pid 789986:tid 789986] [client 35.236.115.211:65176] [client 35.236.115.211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.letmespeakpodcast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.letmespeakpodcast.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt0_WwBX90YocUQBBD2QRAAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack