JimArchon72
2024-12-18 18:10:02
(4 weeks ago)
2024/12/18 18:06:27 "GET //wp-login.php HTTP/1.1"
Web App Attack
ecodehost.com
2024-12-10 01:11:03
(1 month ago)
Domain : ohsetraining.com
Rule : env
2024-12-10 01:09:46 10.100.1.20 GET /wp-includes/wl ... show more Domain : ohsetraining.com
Rule : env
2024-12-10 01:09:46 10.100.1.20 GET /wp-includes/wlwmanifest.xml - 443 - 105.188.4.74 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36 - ohsetraining.com 404 0 2 1384 348 205 - - show less
Hacking
SQL Injection
rtbh.com.tr
2024-12-09 20:52:52
(1 month ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
noise.agency
2024-12-09 09:30:57
(1 month ago)
(wordpress) Failed wordpress login from 105.188.4.74 (MA/Morocco/-)
Brute-Force
Tripwire
2024-12-09 03:24:47
(1 month ago)
Scanning for exploits - //wp-includes/wlwmanifest.xml
Web App Attack
TPI-Abuse
2024-12-08 23:47:32
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 18:47:26.664705 2024] [security2:error] [pid 32002:tid 32004] [client 105.188.4.74:50213] [client 105.188.4.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sallykimmel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sallykimmel.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1YwDtbrmjRZM6nLWww4qwAAAMA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-08 23:07:22
(1 month ago)
apache-wordpress-login
Brute-Force
Web App Attack
rtbh.com.tr
2024-12-08 20:52:50
(1 month ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
applemooz
2024-12-08 18:50:35
(1 month ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
akasolutions.de
2024-12-08 18:38:15
(1 month ago)
(wordpress) Failed wordpress login from 105.188.4.74 (MA/Morocco/-)
Brute-Force
TPI-Abuse
2024-12-08 16:02:38
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 11:02:30.522616 2024] [security2:error] [pid 127871:tid 127871] [client 105.188.4.74:50527] [client 105.188.4.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gasoilliquidsdaily.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gasoilliquidsdaily.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1XDFtqHDNrku5sX0mCufQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-08 14:54:00
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 09:53:56.188556 2024] [security2:error] [pid 11722:tid 11722] [client 105.188.4.74:54129] [client 105.188.4.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.quickasawink.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.quickasawink.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1WzBCco9bpUDPgTqIopnwAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-08 12:39:02
(1 month ago)
wordpress-trap
Web App Attack
openstrike.co.uk
2024-12-08 06:12:41
(1 month ago)
17 attacks on PHP URLs, Wordpress URLs:
GET /domain.cgi?id=97/xmlrpc.php?rsd HTTP/1.1
GE ... show more 17 attacks on PHP URLs, Wordpress URLs:
GET /domain.cgi?id=97/xmlrpc.php?rsd HTTP/1.1
GET /domain.cgi?id=97/sito/wp-includes/wlwmanifest.xml HTTP/1.1 show less
Web App Attack
TPI-Abuse
2024-12-08 03:59:28
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 105.188.4.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 22:59:21.077369 2024] [security2:error] [pid 12218:tid 12218] [client 105.188.4.74:62805] [client 105.188.4.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rogerheath.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rogerheath.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1UZmRMg4SSpA6jaaRWDnAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack