Major Hostility
2024-11-04 16:10:34
(2 months ago)
"GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /xmlrpc.php?rsd HTTP/1.1" 403
"GET ... show more "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /xmlrpc.php?rsd HTTP/1.1" 403
"GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /website/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /news/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /2018/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /test/wp-includes/wlwmanifest.xml HTTP/1.1" 404
"GET /media/wp-includes/wlwmanifest.xml HTTP/1.1" 404 show less
Web App Attack
FeG Deutschland
2024-11-04 10:56:01
(2 months ago)
Looking for CMS/PHP/SQL vulnerablilities - 13
Exploited Host
Web App Attack
Bächtold-Informatik
2024-11-04 10:39:03
(2 months ago)
Domain : mountainflare.ch
Rule : env
2024-11-04 10:38:30 145.239.244.113 GET /wp-include ... show more Domain : mountainflare.ch
Rule : env
2024-11-04 10:38:30 145.239.244.113 GET /wp-includes/wlwmanifest.xml - 443 - 3.101.16.52 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 - mountainflare.ch 404 0 2 12749 348 517 - - show less
Hacking
SQL Injection
SpaceHost-Server
2024-11-04 06:30:15
(2 months ago)
3.101.16.52 - - [04/Nov/2024:07:30:13 +0100] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 ( ... show more 3.101.16.52 - - [04/Nov/2024:07:30:13 +0100] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
3.101.16.52 - - [04/Nov/2024:07:30:14 +0100] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
3.101.16.52 - - [04/Nov/2024:07:30:15 +0100] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" show less
Hacking
Web App Attack
openstrike.co.uk
2024-11-04 06:12:53
(2 months ago)
18 attacks on Wordpress URLs, PHP URLs:
GET /domain.cgi?id=252/sito/wp-includes/wlwmanifest.xm ... show more 18 attacks on Wordpress URLs, PHP URLs:
GET /domain.cgi?id=252/sito/wp-includes/wlwmanifest.xml HTTP/1.1
GET /domain.cgi?id=252/xmlrpc.php?rsd HTTP/1.1 show less
Web App Attack
TPI-Abuse
2024-11-04 05:59:52
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 00:59:46.521366 2024] [security2:error] [pid 32228:tid 32228] [client 3.101.16.52:63280] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.elpaco.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.elpaco.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zyhi0lace-RHcp66B6MligAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 05:21:05
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 00:21:00.597126 2024] [security2:error] [pid 17653:tid 17653] [client 3.101.16.52:52028] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.abilityengraving.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.abilityengraving.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZyhZvPNz7Aqc5tt2h828nAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
advena
2024-11-04 04:15:55
(2 months ago)
3.101.16.52 (AS16509 AMAZON-02) was intercepted at 2024-11-04T04:14:14Z after violating WAF directiv ... show more 3.101.16.52 (AS16509 AMAZON-02) was intercepted at 2024-11-04T04:14:14Z after violating WAF directive: bot_fight_mode. Pre-cautionary/corrective action applied: managed_challenge. show less
Web Spam
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-11-04 02:43:18
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 21:43:10.196346 2024] [security2:error] [pid 23857:tid 23857] [client 3.101.16.52:53054] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cubbylure.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cubbylure.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zyg0vhJfsoRfal--Qh1GDwAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-11-04 01:00:44
(2 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-11-04 00:28:17
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 19:28:09.574352 2024] [security2:error] [pid 7097:tid 7097] [client 3.101.16.52:58724] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rodandreelpiercam.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rodandreelpiercam.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZygVGbUXedXTkRls92CbuwAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 23:36:10
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 18:36:03.552105 2024] [security2:error] [pid 11197:tid 11197] [client 3.101.16.52:55584] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||go4food.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "go4food.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "ZygI46QeUmhp_azFLZ9z4QAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
SpaceHost-Server
2024-11-03 22:54:26
(2 months ago)
3.101.16.52 - - [03/Nov/2024:23:54:24 +0100] "POST //xmlrpc.php HTTP/1.1" 200 1110 "-" "Mozilla/5.0 ... show more 3.101.16.52 - - [03/Nov/2024:23:54:24 +0100] "POST //xmlrpc.php HTTP/1.1" 200 1110 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
3.101.16.52 - - [03/Nov/2024:23:54:25 +0100] "POST //xmlrpc.php HTTP/1.1" 200 1110 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
3.101.16.52 - - [03/Nov/2024:23:54:25 +0100] "POST //xmlrpc.php HTTP/1.1" 200 1110 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" show less
Hacking
Web App Attack
TPI-Abuse
2024-11-03 22:41:29
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 17:41:26.190212 2024] [security2:error] [pid 9484:tid 9484] [client 3.101.16.52:55845] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ixd.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ixd.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zyf8FnKTlJBdNzzRAcQPTwAAABw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-03 22:24:34
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute. ... show more (mod_security) mod_security (id:225170) triggered by 3.101.16.52 (ec2-3-101-16-52.us-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 03 17:24:26.676069 2024] [security2:error] [pid 26390:tid 26390] [client 3.101.16.52:64288] [client 3.101.16.52] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.calvarycavaliers.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.calvarycavaliers.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zyf4GieDOvR6ARRvc1dNqQAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack