cmbplf
2024-12-06 11:32:47
(3 hours ago)
12.975 requests to */xmlrpc.php
12.529 POST requests to */wp-login.php
1.611 requests to */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot
chronos
2024-12-06 11:23:32
(3 hours ago)
[AUTORAVALT][[06/12/2024 - 08:23:31 -03:00 UTC]
Attack from [195.78.54.132]-[RANGE:195.78.54.0 - 195.78.57.255]
Action: BLocKed
DDoS Attack -> Participating in distributed denial-of-service.
Phishing -> Phishing websites and/or email.
Web Spam -> Comment/forum spam, HTTP referer spam, or other CMS spam.
Blog Spam -> CMS blog comment spam.
Web App Attack -> At]
DDoS Attack
Phishing
Web Spam
Blog Spam
Web App Attack
axllent
2024-12-06 10:21:17
(4 hours ago)
Scanning for exploits - //wp-includes/ID3/license.txt
Web App Attack
Savvii
2024-12-06 08:13:59
(6 hours ago)
10 attempts against mh-misc-ban on cell
Web App Attack
KIsmay
2024-12-06 07:38:53
(7 hours ago)
Dec 6 02:38:51 www4 WPAudit[64588]: 195.78.54.132 www.vhsport.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" vhsport:A�ERTY FAIL
Dec 6 02:38:51 www4 WPAudit[64592]: 195.78.54.132 www.vhsport.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" vhsport:a�erty FAIL
Dec 6 02:38:51 www4 WPAudit[64588]: 195.78.54.132 www.vhsport.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" vhsport:UGJRMV FAIL
Dec 6 02:38:52 www4 WPAudit[64592]: 195.78.54.132 www.vhsport.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" vhsport:ugjrmv FAIL
Dec 6 02:38:52 www4 WPAudit[64588]: 195.78.54.132 www.vhsport.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" v
Brute-Force
Web App Attack
COMAITE
2024-12-06 06:50:28
(8 hours ago)
Multiple web server 400 error codes from same source ip 195.78.54.132.
Web App Attack
taivas.nl
2024-12-06 05:32:23
(9 hours ago)
Many_bad_calls
Web App Attack
TPI-Abuse
2024-12-06 05:23:53
(9 hours ago)
(mod_security) mod_security (id:240335) triggered by 195.78.54.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 06 00:23:50.202765 2024] [security2:error] [pid 6912:tid 6912] [client 195.78.54.132:8146] [client 195.78.54.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 195.78.54.132 (+1 hits since last alert)|alpinexport.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "alpinexport.com"] [uri "/xmlrpc.php"] [unique_id "Z1KKZpulf6ziMSb-FFF7KAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-06 04:12:55
(10 hours ago)
(mod_security) mod_security (id:225170) triggered by 195.78.54.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 23:12:49.173610 2024] [security2:error] [pid 21805:tid 21805] [client 195.78.54.132:53990] [client 195.78.54.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.stoughtonpipeandwelding.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.stoughtonpipeandwelding.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1J5we0gZwEYmTnrwIjyVwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
S.O.B.A. Dev.
2024-12-06 03:50:39
(11 hours ago)
Threat Blocked by BeeHive from (ASN:174) (Network:COGENT-174) (Host:soba.dev) (Method:GET) (Protocol:HTTP/1.1) (Timestamp:2024-12-06T03:50:39Z)
Web Spam
Brute-Force
Web App Attack
TPI-Abuse
2024-12-06 03:42:58
(11 hours ago)
(mod_security) mod_security (id:225170) triggered by 195.78.54.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 22:42:53.673243 2024] [security2:error] [pid 22418:tid 22421] [client 195.78.54.132:12117] [client 195.78.54.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.alancphotography.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.alancphotography.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1JyvU6MDrHcXSmJGvkPNwAAAIA"]
Brute-Force
Bad Web Bot
Web App Attack
Markus Woegerbauer
2024-12-06 03:17:10
(11 hours ago)
(wordpress) Failed wordpress login from 195.78.54.132 (NL/The Netherlands/-)
Brute-Force
conseilgouz
2024-12-06 03:13:54
(11 hours ago)
ave-7 : Trying access unauthorized files/dir=>/wordpress/wp-includes/wlwmanifest.xml
Hacking
TPI-Abuse
2024-12-06 03:10:07
(11 hours ago)
(mod_security) mod_security (id:225170) triggered by 195.78.54.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 22:10:03.924830 2024] [security2:error] [pid 26896:tid 26896] [client 195.78.54.132:27038] [client 195.78.54.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||makeupandwardrobe.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "makeupandwardrobe.com"] [uri "/wordpress/wp-json/wp/v2/users/"] [unique_id "Z1JrC2dLUgGNYKJ1kYnMAwAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-06 02:07:40
(12 hours ago)
(mod_security) mod_security (id:225170) triggered by 195.78.54.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 21:07:35.131065 2024] [security2:error] [pid 2198111:tid 2198111] [client 195.78.54.132:5250] [client 195.78.54.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bestlawnsohio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bestlawnsohio.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z1JcZ-qTDtVlZLcqzRqjqwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack