Incidents Response Neptus Team
2024-11-12 02:29:00
(2 months ago)
Report Abase IP
Hacking
Exploited Host
Web App Attack
MWA SOC
2024-11-12 01:59:26
(2 months ago)
Hacking
TPI-Abuse
2024-11-12 01:01:42
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 ... show more (mod_security) mod_security (id:225170) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 20:01:37.668897 2024] [security2:error] [pid 2127:tid 2151] [client 89.169.54.58:57740] [client 89.169.54.58] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||georgementz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "georgementz.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZzKo8Q0Urp5RvkhnFsloNgAAARI"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-12 00:35:51
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
Anonymous
2024-11-12 00:10:30
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
rsiddall
2024-11-11 23:56:22
(2 months ago)
2024-11-11T18:56:20.503003linnet.elirion.net drupal[17515]: https://www.uuhumanists.org|1731369380|u ... show more 2024-11-11T18:56:20.503003linnet.elirion.net drupal[17515]: https://www.uuhumanists.org|1731369380|user|89.169.54.58|https://www.uuhumanists.org/user/login||0||Login attempt failed for uuhumanists.
2024-11-11T18:56:20.876141linnet.elirion.net drupal[17515]: https://www.uuhumanists.org|1731369380|user|89.169.54.58|https://www.uuhumanists.org/user/login||0||Login attempt failed for admin.
2024-11-11T18:56:21.209530linnet.elirion.net drupal[17515]: https://www.uuhumanists.org|1731369381|user|89.169.54.58|https://www.uuhumanists.org/user/login||0||Login attempt failed for administrator.
2024-11-11T18:56:21.579763linnet.elirion.net drupal[17515]: https://www.uuhumanists.org|1731369381|user|89.169.54.58|https://www.uuhumanists.org/user/login||0||Login attempt failed for uuhumanists.
2024-11-11T18:56:21.849505linnet.elirion.net drupal[17515]: https://www.uuhumanists.org|1731369381|user|89.169.54.58|https://www.uuhumanists.org/user/login||0||Login attempt failed for admin.
... show less
Brute-Force
robotstxt
2024-11-11 23:31:08
(2 months ago)
89.169.54.58 - - [11/Nov/2024:23:30:16 +0000] "GET //wp-admin/admin-ajax.php?action=download_from_fi ... show more 89.169.54.58 - - [11/Nov/2024:23:30:16 +0000] "GET //wp-admin/admin-ajax.php?action=download_from_files_617_fileupload HTTP/1.1" 400 11 "-" rt="0.215" "Mozilla/5.0 (X11; Ubuntu; 7468 ; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0" "-" h="www.wp-cli.es" sn="www.wp-cli.es" ru="//wp-admin/admin-ajax.php?action=download_from_files_617_fileupload" u="/wp-admin/admin-ajax.php" ucs="-" ua="unix:/var/run/php/wpcli82.sock" us="400" uct="0.000" urt="0.215"
89.169.54.58 - - [11/Nov/2024:23:30:17 +0000] "GET //wp-admin/admin-ajax.php?action=duplicator_download&file=/../wp-config.php HTTP/1.1" 400 11 "-" rt="0.234" "Mozilla/5.0 (X11; Ubuntu; 7468 ; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0" "-" h="www.wp-cli.es" sn="www.wp-cli.es" ru="//wp-admin/admin-ajax.php?action=duplicator_download&file=/../wp-config.php" u="/wp-admin/admin-ajax.php" ucs="-" ua="unix:/var/run/php/wpcli82.sock" us="400" uct="0.000" urt="0.233"
89.169.54.58 - - [11/Nov/2024:23:30:17 +0000] "GET //wp-admin/admin-ajax.p
... show less
Web Spam
Web App Attack
polycoda
2024-11-11 23:14:42
(2 months ago)
⌨️ Probes for eval-stdin.php everywhere
Hacking
Web App Attack
TPI-Abuse
2024-11-11 22:32:15
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 ... show more (mod_security) mod_security (id:225170) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 17:32:11.543296 2024] [security2:error] [pid 17466:tid 17466] [client 89.169.54.58:38470] [client 89.169.54.58] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||meganmurph.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "meganmurph.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZzKF67svNwNhx_Tz_pEnuQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
Information Security
2024-11-11 21:56:38
(2 months ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-11-11 21:56:09
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 ... show more (mod_security) mod_security (id:210492) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 16:56:03.983345 2024] [security2:error] [pid 24436:tid 24436] [client 89.169.54.58:55184] [client 89.169.54.58] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aguirremoreno.com"] [uri "/uncategorized/MYzoomsounds/"] [unique_id "ZzJ9c2aufS9Qpm0ejZvp3AAAABU"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-11 21:40:02
(2 months ago)
| Multiple common web attacks from same source ip. (multiple servers)
Hacking
SQL Injection
Web App Attack
Anonymous
2024-11-11 21:31:34
(2 months ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /wp-json/wp/v2/users/1 HTTP/1 ... show more Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /wp-json/wp/v2/users/1 HTTP/1.1 show less
Hacking
Web App Attack
rsiddall
2024-11-11 21:28:26
(2 months ago)
2024-11-11T16:28:24.821379linnet.elirion.net drupal[17740]: https://huumanists.org|1731360504|user|8 ... show more 2024-11-11T16:28:24.821379linnet.elirion.net drupal[17740]: https://huumanists.org|1731360504|user|89.169.54.58|https://huumanists.org/user/login||0||Login attempt failed for huumanists.
2024-11-11T16:28:25.167279linnet.elirion.net drupal[17740]: https://huumanists.org|1731360505|user|89.169.54.58|https://huumanists.org/user/login||0||Login attempt failed for admin.
2024-11-11T16:28:25.425507linnet.elirion.net drupal[17740]: https://huumanists.org|1731360505|user|89.169.54.58|https://huumanists.org/user/login||0||Login attempt failed for administrator.
2024-11-11T16:28:25.796849linnet.elirion.net drupal[17740]: https://huumanists.org|1731360505|user|89.169.54.58|https://huumanists.org/user/login||0||Login attempt failed for huumanists.
2024-11-11T16:28:26.065270linnet.elirion.net drupal[17740]: https://huumanists.org|1731360506|user|89.169.54.58|https://huumanists.org/user/login||0||Login attempt failed for admin.
... show less
Brute-Force
TPI-Abuse
2024-11-11 21:27:37
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 ... show more (mod_security) mod_security (id:225170) triggered by 89.169.54.58 (forlorn-story-n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 16:27:30.919413 2024] [security2:error] [pid 16268:tid 16268] [client 89.169.54.58:48868] [client 89.169.54.58] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ideaofauniversity.website"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZzJ2wg1fWMH1k_SzccHIcAAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack