TPI-Abuse
2024-12-06 02:10:06
(12 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 21:09:58.353275 2024] [security2:error] [pid 2206426:tid 2206426] [client 52.242.208.16:1025] [client 52.242.208.16] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.toepferlab.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.toepferlab.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1Jc9gYH6tYryNEZUJ0aDgAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-05 23:09:16
(15 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 18:09:09.030554 2024] [security2:error] [pid 21829:tid 21829] [client 52.242.208.16:1025] [client 52.242.208.16] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.kerrywood.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.kerrywood.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1IylR5hhDvBxTvzRm79UQAAABo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-05 19:19:12
(19 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 14:19:04.990213 2024] [security2:error] [pid 4201:tid 4207] [client 52.242.208.16:1025] [client 52.242.208.16] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||franklin.websitehomepages.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "franklin.websitehomepages.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1H8qIxwSixgPuDJnUexmgAAAQQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-05 12:35:08
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 07:35:01.015715 2024] [security2:error] [pid 17064:tid 17064] [client 52.242.208.16:1025] [client 52.242.208.16] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.judithcaldwell.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.judithcaldwell.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1Gd9RRxLIP4fQAfdHvh1QAAABc"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-05 00:10:02
(1 day ago)
Bot / scanning and/or hacking attempts: GET / HTTP/1.1, POST /wp/xmlrpc.php HTTP/1.1, GET /login HTT ... show more Bot / scanning and/or hacking attempts: GET / HTTP/1.1, POST /wp/xmlrpc.php HTTP/1.1, GET /login HTTP/1.1, POST /xmlrpc.php HTTP/1.1, POST /wordpress/xmlrpc.php HTTP/1.1, GET /wp-login.php HTTP/1.1, GET /admin/ HTTP/1.1 show less
Hacking
Web App Attack
Anonymous
2024-12-02 05:10:29
(4 days ago)
XMLRPC Hack Attempts
Hacking
Brute-Force
selahattinalan
2024-12-02 01:47:37
(4 days ago)
4:12:1752.242.208.16 - - [02/Dec/2024:04:47:36 +0300] "POST /xmlrpc.php HTTP/1.1" 200 4790 "-" "Mozi ... show more 4:12:1752.242.208.16 - - [02/Dec/2024:04:47:36 +0300] "POST /xmlrpc.php HTTP/1.1" 200 4790 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" show less
Brute-Force
taivas.nl
2024-11-30 16:32:13
(5 days ago)
Wordpress_xmlrpc_attack
Bad Web Bot
crimefireNOC
2024-11-27 23:37:32
(1 week ago)
WordPress Bruteforce RBL block||Name:root||WPU:root||RSV:6.53||T:APACHE|
Brute-Force
Progetto1
2024-11-27 16:07:02
(1 week ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
MAGIC
2024-11-27 08:09:54
(1 week ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
mnsf
2024-11-26 21:01:16
(1 week ago)
Xmlrpc Caught (6)
Brute-Force
Web App Attack
TPI-Abuse
2024-11-25 20:32:55
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 15:32:49.240580 2024] [security2:error] [pid 8259:tid 8259] [client 52.242.208.16:1025] [client 52.242.208.16] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.nomorenicenice.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.nomorenicenice.net"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0Te8VL-5FxxiDuodyyBGwAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-25 19:10:33
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.242.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 14:10:30.867002 2024] [security2:error] [pid 18903:tid 18916] [client 52.242.208.16:1025] [client 52.242.208.16] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.vinylnotespodcast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.vinylnotespodcast.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0TLpplcoiEnknmfCMVQmQAAAQs"] show less
Brute-Force
Bad Web Bot
Web App Attack
selahattinalan
2024-11-23 21:02:41
(1 week ago)
4:12:1752.242.208.16 - - [24/Nov/2024:00:02:40 +0300] "POST /xmlrpc.php HTTP/1.1" 200 4790 "-" "Mozi ... show more 4:12:1752.242.208.16 - - [24/Nov/2024:00:02:40 +0300] "POST /xmlrpc.php HTTP/1.1" 200 4790 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" show less
Brute-Force