TPI-Abuse
2024-09-08 23:27:11
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 19:27:06.204501 2024] [security2:error] [pid 2623576:tid 2623576] [client 91.92.248.247:55307] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.whatyouhear.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.whatyouhear.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt4yyn_me92pDtyruxjkKAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
ger-stg-sifi1
2024-09-08 22:52:40
(3 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
TPI-Abuse
2024-09-08 22:20:31
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 18:20:24.602198 2024] [security2:error] [pid 7573:tid 7595] [client 91.92.248.247:61271] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||websitehomepages.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "websitehomepages.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt4jKHnxpon4PoJx1UvjUQAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
Cloudkul Cloudkul
2024-09-08 22:15:06
(3 months ago)
Multiple unauthorized attempts to access web resources
Brute-Force
Web App Attack
TPI-Abuse
2024-09-08 21:37:19
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 17:37:13.596786 2024] [security2:error] [pid 25943:tid 25943] [client 91.92.248.247:64076] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.waterspell.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.waterspell.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt4ZCT5yVvedMo_7cogx-wAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
rtbh.com.tr
2024-09-08 20:54:51
(3 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
TPI-Abuse
2024-09-08 19:12:41
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 15:12:35.570926 2024] [security2:error] [pid 3476673:tid 3476673] [client 91.92.248.247:59809] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.visionremota.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.visionremota.info"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt33I_IYBO3Ekz8has4NgAAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-09-08 19:04:07
(3 months ago)
Xmlrpc Caught (14)
Too many Status 40X (26)
Scanning/Probing (22)
Brute-Force
Web App Attack
TPI-Abuse
2024-09-08 18:50:15
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 14:50:11.539602 2024] [security2:error] [pid 29350:tid 29350] [client 91.92.248.247:62664] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||vintageamptubes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vintageamptubes.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt3x40h_ETtRaDszqoFP2gAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
spyra.rocks
2024-09-08 18:49:07
(3 months ago)
WordPress Backend Shield
Web App Attack
Kenshin869
2024-09-08 18:17:32
(3 months ago)
W4 Wordpress unauthorized access attempt
Brute-Force
TPI-Abuse
2024-09-08 12:21:55
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 08:21:50.791934 2024] [security2:error] [pid 3945557:tid 3945557] [client 91.92.248.247:63148] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||36sovereignchambers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "36sovereignchambers.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zt2W3h4uhWp10Wm3fNFM8wAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Kenshin869
2024-09-08 12:00:49
(3 months ago)
Wordpress unauthorized access attempt
Brute-Force
BRHosting
2024-09-08 11:47:02
(3 months ago)
Wordpress brute force attack for login credentials (eg xmlrc.php or wp-login.php)
Brute-Force
Web App Attack
Anonymous
2024-09-08 11:36:58
(3 months ago)
rumsingen.mit-polly.de 91.92.248.247 [08/Sep/2024:13:36:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 67 ... show more rumsingen.mit-polly.de 91.92.248.247 [08/Sep/2024:13:36:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 672 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
rumsingen.mit-polly.de 91.92.248.247 [08/Sep/2024:13:36:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4462 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" show less
Web App Attack