Bensay
|
|
138.199.60.11 - - [16/Dec/2024:05:38:23 +0100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 495 " ... show more138.199.60.11 - - [16/Dec/2024:05:38:23 +0100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 495 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Mon Dec 16 05:38:24.352885 2024138.199.60.11 - - [16/Dec/2024:05:38:24 +0100] "GET /xmlrpc.php?rsd HTTP/1.1" 404 245 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Mon Dec 16 05:38:24.352885 2024138.199.60.11 - - [16/Dec/2024:05:38:25 +0100] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 495 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Mon Dec 16 05:38:24.352885 2024138.199.60.11 - - [16/Dec/2024:05:38:25 +0100] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 495 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Mon Dec 16 05:38:24.352885
... show less
|
Hacking
Bad Web Bot
Web App Attack
|
|
WeekendWeb
|
|
Wordpress Vunerability attack
|
Web App Attack
|
|
Vegascosmetics
|
|
Kingcopy(AI-IDS): IP is wandering around the site and acting suspiciously.
|
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 16:14:29.302949 2024] [security2:error] [pid 12401:tid 12401] [client 138.199.60.11:52959] [client 138.199.60.11] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||professionalpianomoversinc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "professionalpianomoversinc.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z19GtQ4RRx5NvwuobcF7vAAAABI"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
taivas.nl
|
|
Bad_requests
|
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 13:37:06.212566 2024] [security2:error] [pid 2092:tid 2092] [client 138.199.60.11:52705] [client 138.199.60.11] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gac-newsletter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gac-newsletter.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z18h0nnHfcUIXCCgxXTQ7AAAAAM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Unauthorized connection attempt detected in the last 24 hours
|
Hacking
|
|
Anonymous
|
|
(wordpress) Failed wordpress login from 138.199.60.11 (SG/Singapore/-)
|
Brute-Force
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 05:38:44.777181 2024] [security2:error] [pid 19375:tid 19375] [client 138.199.60.11:49828] [client 138.199.60.11] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||brbcash.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "brbcash.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z16xtEgpfbR_Ek0xNnUZ6AAAAAA"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
xmlrpc attack blocked attempt from fail2ban
...
|
Web App Attack
|
|
Anonymous
|
|
Backdrop CMS module - malicious activity detected
|
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Malicious activity detected
|
Hacking
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:225170) triggered by 138.199.60.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 03:24:41.124198 2024] [security2:error] [pid 1080217:tid 1080217] [client 138.199.60.11:56126] [client 138.199.60.11] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.freemanfoundationcle.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.freemanfoundationcle.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z16SSUG7LzD7PxfYEPFacQAAAAU"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
cmbplf
|
|
478 requests to */wp-includes/wlwmanifest.xml
|
Brute-Force
Bad Web Bot
|
|
Dolphi
|
|
POST //xmlrpc.php
|
Brute-Force
Web App Attack
|
|