Anonymous
|
|
wp admin page access attempt
...
|
Hacking
Web App Attack
|
|
zynex
|
|
URL Probing: /blog/wp-includes/wlwmanifest.xml
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 00:31:01.089310 2024] [security2:error] [pid 22418:tid 22418] [client 94.156.66.69:52242] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.blacksheepoffroad.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.blacksheepoffroad.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsqzhZ4t0xt4Hg55qWXjPwAAABA"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
jasperedv.de
|
|
Apache Login - Brutforcing
|
Brute-Force
Web App Attack
|
|
Anonymous
|
|
apache-wordpress-login
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 00:06:06.830993 2024] [security2:error] [pid 5823:tid 5823] [client 94.156.66.69:54113] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.realclean.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.realclean.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsqtrvRhpu3dT0Vz1xT46QAAAAk"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 23:40:33.809994 2024] [security2:error] [pid 6856:tid 6856] [client 94.156.66.69:51370] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nordicbuilders.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nordicbuilders.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsqnsV1jH7Zk78rhZBFF-QAAAB4"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Brute forcing Wordpress login
|
Hacking
Web App Attack
|
|
BRHosting
|
|
Wordpress brute force attack for login credentials (eg xmlrc.php or wp-login.php)
|
Brute-Force
Web App Attack
|
|
juutis
|
|
Multiple WAF abuses - IP blocked
|
Hacking
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 20:52:49.918874 2024] [security2:error] [pid 24858:tid 24957] [client 94.156.66.69:60376] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gochemless.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gochemless.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsqAYc2n7kKrwThbq2dLXwAAAQE"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 20:25:17.438724 2024] [security2:error] [pid 26432:tid 26441] [client 94.156.66.69:50404] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||condo.management|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "condo.management"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zsp57WTyvUBEKq4tYa3dPQAAAIc"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
corthorn
|
|
94.156.66.69 - - [25/Aug/2024:02:10:55 +0200] "POST //xmlrpc.php HTTP/1.1" 403 421 "-" "Mozilla/5.0 ... show more94.156.66.69 - - [25/Aug/2024:02:10:55 +0200] "POST //xmlrpc.php HTTP/1.1" 403 421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
... show less
|
Brute-Force
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 20:04:49.352751 2024] [security2:error] [pid 28020:tid 28020] [client 94.156.66.69:57821] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pluralmatrix.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pluralmatrix.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zsp1IYbsxMhuACps7MRi2wAAABE"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports ... show more(mod_security) mod_security (id:225170) triggered by 94.156.66.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 19:49:29.268269 2024] [security2:error] [pid 11675:tid 11675] [client 94.156.66.69:52279] [client 94.156.66.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.arthuryeung.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.arthuryeung.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZspxiU7vYRN5g6zmOboqLQAAAAc"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|