|
๐ฌ๐ง
thetomtaylor.co.uk
|
|
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx03]
|
Bad Web Bot
Web App Attack
|
|
|
๐ฌ๐ง
thetomtaylor.co.uk
|
|
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [mx01,mx02,wa01,wa02]
|
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
infra-monitor
|
|
Automated ban via infra-monitor: wp-sensitive-paths, wordpress-probe, webshell-high-confidence
|
Hacking
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 34.156.247.39 (39.247.156.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.156.247.39 (39.247.156.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 05:10:38.786039 2026] [security2:error] [pid 21447:tid 21447] [client 34.156.247.39:52188] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||astglobaltech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "astglobaltech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alC3Dh_lJxFDI_-THNFV_gAAAAc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ฑ๐น
NotACaptcha
|
|
webserver:443 [10/Jul/2026] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 470 "-" "Mozilla/ ...
show more
webserver:443 [10/Jul/2026] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 470 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
webserver:443 [10/Jul/2026] "GET //xmlrpc.php?rsd HTTP/1.1" 404 470 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
webserver:443 [10/Jul/2026] "GET //feed/ HTTP/1.1" 404 470 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
webserver:443 [10/Jul/2026] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 5268 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
webserver:80 [10/Jul/2026] "GET / HTTP/1.1" 302 451 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
|
Web App Attack
|
|
|
๐จ๐ญ
zynex
|
|
URL Probing: /shop/wp-includes/wlwmanifest.xml
|
Web App Attack
|
|
|
๐ฌ๐ง
Artelis
|
|
34.156.247.39 - - [10/Jul/2026:08:57:04 +0000] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 548 ...
show more
34.156.247.39 - - [10/Jul/2026:08:57:04 +0000] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 34.156.247.39 (39.247.156.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.156.247.39 (39.247.156.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 04:53:34.053062 2026] [security2:error] [pid 17409:tid 17423] [client 34.156.247.39:60343] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||arizonasolutionsgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arizonasolutionsgroup.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alCzDjSdv2zCJX5pxTF3SgAAAIo"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐จ๐ญ
backslash
|
|
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
|
Bad Web Bot
|
|
|
๐ฉ๐ช
filstal.org
|
|
WordPress login brute-force detected.
|
Brute-Force
Web App Attack
|
|
|
๐ฎ๐น
VHosting
|
|
Detected WordPress attack from 4 different servers
|
Brute-Force
Web App Attack
|
|
|
๐ฉ๐ช
mravb
|
|
34.156.247.39 - - [10/Jul/2026:11:40:19 +0300] "GET //xmlrpc.php?rsd HTTP/1.1" 404 555 "-" "Mozilla/ ...
show more
34.156.247.39 - - [10/Jul/2026:11:40:19 +0300] "GET //xmlrpc.php?rsd HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
|
Web App Attack
Hacking
|
|
|
๐ฉ๐ช
big-cloud.nl
|
|
Try to access /xmlrpc.php?rsd
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 34.156.247.39 (39.247.156.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.156.247.39 (39.247.156.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 04:34:33.359612 2026] [security2:error] [pid 2459845:tid 2459845] [client 34.156.247.39:58138] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.daisydoesoap.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.daisydoesoap.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alCume_ctBZ5p1dqE174rQAAAA4"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ณ๐ด
Abuse Buster
|
|
34.156.247.39 - - [10/Jul/2026:10:31:52 +0200] "GET //wp-includes/ID3/license.txt HTTP/2.0" 404 22 " ...
show more
34.156.247.39 - - [10/Jul/2026:10:31:52 +0200] "GET //wp-includes/ID3/license.txt HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.247.39 - - [10/Jul/2026:10:31:52 +0200] "GET //feed/ HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.247.39 - - [10/Jul/2026:10:31:52 +0200] "GET //xmlrpc.php?rsd HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
|
Web App Attack
|
|