openstrike.co.uk
2024-10-31 06:12:39
(3 days ago)
13 attacks on PHP URLs, Wordpress URLs:
GET /domain.cgi?id=35/xmlrpc.php?rsd HTTP/1.1
GET /domain.cgi?id=35/cms/wp-includes/wlwmanifest.xml HTTP/1.1
Web App Attack
TPI-Abuse
2024-10-31 04:11:54
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 147.75.33.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 00:11:48.519177 2024] [security2:error] [pid 26377:tid 26508] [client 147.75.33.158:24671] [client 147.75.33.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.gryphix.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.gryphix.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyMDhM-I8AVq1bPAwVxL8AAAAg4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-31 03:50:08
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 147.75.33.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 30 23:50:04.042789 2024] [security2:error] [pid 3516026:tid 3516026] [client 147.75.33.158:24713] [client 147.75.33.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.waterjetsolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.waterjetsolutions.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyL-bA9-iRYvkwVYZozA_QAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
N3ilawx
2024-10-31 02:05:49
(3 days ago)
Fail2Ban detect something wrong with this ip 147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:46 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:47 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:47 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:47 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:47 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:47 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:48 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:48 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:48 +0000]
147.75.33.158 - GET - 404 - [31/Oct/2024:02:05:48 +0000]
...
Brute-Force
Web App Attack
VHosting
2024-10-31 00:28:02
(3 days ago)
Attempt from 147.75.33.158, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot
Anonymous
2024-10-30 23:59:24
(3 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
axllent
2024-10-30 23:23:35
(3 days ago)
Scanning for exploits - //wp-includes/ID3/license.txt
Web App Attack
Anonymous
2024-10-30 23:06:33
(3 days ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1
Hacking
Web App Attack
TPI-Abuse
2024-10-30 19:45:08
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 147.75.33.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 30 15:45:00.458016 2024] [security2:error] [pid 20050:tid 20050] [client 147.75.33.158:24675] [client 147.75.33.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pulleasy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pulleasy.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyKMvBTIj6hLMasuTxUCcAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-30 19:01:30
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 147.75.33.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 30 15:01:23.735050 2024] [security2:error] [pid 15856:tid 15856] [client 147.75.33.158:24783] [client 147.75.33.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thingstodonude.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thingstodonude.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyKCg8jRGyYy6O1gwfVuLQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-30 18:20:03
(4 days ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
Anonymous
2024-10-29 10:49:31
(5 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-28 14:08:36
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 147.75.33.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 10:08:30.919850 2024] [security2:error] [pid 27040:tid 27040] [client 147.75.33.158:64448] [client 147.75.33.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||univey.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "univey.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zx-a3h2Z6D_GncwLDoQhSQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-10-28 11:27:44
(6 days ago)
3.244 requests to */xmlrpc.php
447 requests to */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot
raspi4
2024-10-28 11:16:20
(6 days ago)
Fail2Ban Ban Triggered
Brute-Force
Web App Attack