Swiptly
2024-10-19 11:20:56
(1 month ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
corthorn
2024-10-19 10:43:06
(1 month ago)
172.96.189.145 - - [19/Oct/2024:12:43:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4349 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
Brute-Force
Anonymous
2024-10-16 19:38:00
(1 month ago)
Blocked by firewall for Known malicious User-Agents at ****/wp-login.php
16/10/2024 11:17:13 (9 hours 21 mins ago)
IP: 172.96.189.145 Hostname: 145.189.96.172.static.reverse.arandomserver.com
Human/Bot: Human
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Hacking
Web App Attack
TPI-Abuse
2024-10-16 11:31:36
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 172.96.189.145 (145.189.96.172.static.reverse.arandomserver.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 07:31:31.654600 2024] [security2:error] [pid 19835:tid 19835] [client 172.96.189.145:42428] [client 172.96.189.145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||glendaleheritage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glendaleheritage.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw-kE3D81Cqi9fd6wQ2YbgAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-16 10:47:08
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 172.96.189.145 (145.189.96.172.static.reverse.arandomserver.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 06:47:01.288160 2024] [security2:error] [pid 29268:tid 29268] [client 172.96.189.145:52746] [client 172.96.189.145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kobraagencies.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kobraagencies.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw-ZpaRv_Zz87P1LZhB1LAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-10-16 10:03:46
(1 month ago)
Scanning/Probing (22)
Brute-Force
Web App Attack
TPI-Abuse
2024-10-16 10:01:39
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 172.96.189.145 (145.189.96.172.static.reverse.arandomserver.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 06:01:35.830390 2024] [security2:error] [pid 15313:tid 15351] [client 172.96.189.145:59722] [client 172.96.189.145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.koalacogs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.koalacogs.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw-O_wM1SAfcAisFLmOm5AAAAEQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-16 05:12:41
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 172.96.189.145 (145.189.96.172.static.reverse.arandomserver.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 01:12:35.973991 2024] [security2:error] [pid 24543:tid 24543] [client 172.96.189.145:49212] [client 172.96.189.145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||baselineledsolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "baselineledsolutions.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw9LQ-3xsE1drfdlYoQk7wAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 11:20:46
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 172.96.189.145 (145.189.96.172.static.reverse.arandomserver.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 07:20:39.065610 2024] [security2:error] [pid 29917:tid 29917] [client 172.96.189.145:35978] [client 172.96.189.145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cubbylure.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cubbylure.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw5QB-bZ8s72sDCDkp0CNwAAAA0"], referer: http://cubbybait.com///wp-json/wp/v2/users/
Brute-Force
Bad Web Bot
Web App Attack
wnbhosting.dk
2024-10-10 23:29:33
(1 month ago)
WP xmlrpc [2024-10-11T01:29:33+02:00]
Hacking
Web App Attack
TPI-Abuse
2024-10-10 21:32:22
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 172.96.189.145 (145.189.96.172.static.reverse.arandomserver.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 10 17:32:18.003533 2024] [security2:error] [pid 19716:tid 19716] [client 172.96.189.145:46612] [client 172.96.189.145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 172.96.189.145 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bogl.no"] [uri "/xmlrpc.php"] [unique_id "ZwhH4b0a4IqcABXBt35mPgAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Ba-Yu
2024-10-10 20:45:39
(1 month ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
bogdanv
2024-10-10 12:26:53
(1 month ago)
$f2bV_matches
DDoS Attack
Web Spam
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack
Swiptly
2024-10-10 01:41:24
(2 months ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
weblite
2024-10-09 07:00:05
(2 months ago)
WP_XMLRPC_ABUSE
Brute-Force
Web App Attack