TPI-Abuse
2024-09-07 23:35:51
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 19:35:43.940063 2024] [security2:error] [pid 19574:tid 19574] [client 91.92.248.247:55701] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.manosentuayuda.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.manosentuayuda.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZtzjT9XvtRBl-OhlFXoYFQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 23:20:06
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 19:20:02.694676 2024] [security2:error] [pid 1685:tid 1685] [client 91.92.248.247:52833] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.manaplas.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.manaplas.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Ztzfovcpr_IKKj618-QGSwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 22:42:22
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 18:42:14.584198 2024] [security2:error] [pid 13300:tid 13300] [client 91.92.248.247:62079] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.majesticsolutions.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.majesticsolutions.co"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZtzWxg9jAO70ZQRgVkW-dAAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 21:56:32
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 17:56:25.387365 2024] [security2:error] [pid 16263:tid 16263] [client 91.92.248.247:56743] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||madisonventures.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "madisonventures.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZtzMCWWyUFME-dA4C-T2aQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 21:19:02
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 17:18:57.126005 2024] [security2:error] [pid 15899:tid 15899] [client 91.92.248.247:57409] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lysedzija.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lysedzija.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZtzDQQN4vUBFkZzRPj4c6AAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 21:03:58
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 17:03:51.397754 2024] [security2:error] [pid 845105:tid 845108] [client 91.92.248.247:62703] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||luxury.management|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "luxury.management"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zty_t5NiL-tnOKrLxvLW4gAAAIE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 20:45:04
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 16:44:56.432132 2024] [security2:error] [pid 9330:tid 9330] [client 91.92.248.247:58627] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lukeschicago.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lukeschicago.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zty7SKR_knOGh3cRsVgKIgAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-07 20:37:03
(3 months ago)
(wordpress) Failed wordpress login from 91.92.248.247 (BG/Bulgaria/-)
Brute-Force
Anonymous
2024-09-07 20:32:15
(3 months ago)
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 20:19:49
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 16:19:43.242456 2024] [security2:error] [pid 28761:tid 28761] [client 91.92.248.247:57878] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.lspfest.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lspfest.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zty1X-mvefeg2z_-0EVh_gAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
Apache
2024-09-07 19:57:40
(3 months ago)
(mod_security) mod_security (id:210410) triggered by 91.92.248.247 (BG/Bulgaria/-): 5 in the last 300 secs
Brute-Force
Web App Attack
TPI-Abuse
2024-09-07 19:42:38
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 91.92.248.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 15:42:35.329558 2024] [security2:error] [pid 30007:tid 30007] [client 91.92.248.247:61482] [client 91.92.248.247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.loriarsenault.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.loriarsenault.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZtysqxP4xpQ9PvqIvQObxQAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
Dadelinux
2024-09-07 19:41:50
(3 months ago)
91.92.248.247 - - [07/Sep/2024:21:41:40 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 200 1214 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
91.92.248.247 - - [07/Sep/2024:21:41:44 +0200] "POST //xmlrpc.php HTTP/1.1" 200 779 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
91.92.248.247 - - [07/Sep/2024:21:41:48 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4703 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
SQL Injection
Web App Attack
london2038.com
2024-09-07 19:25:33
(3 months ago)
Malformed or malicious web request
91.92.248.247 - - [07/Sep/2024:21:25:30 +0200] "" 400 0 "-" "-"
Hacking
Web App Attack
mnsf
2024-09-07 19:03:16
(3 months ago)
Xmlrpc Caught (8)
Too many Status 40X (15)
Scanning/Probing (12)
Brute-Force
Web App Attack