Swiptly
|
|
WordPress xmlrpc spam or enumeration
...
|
Web Spam
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
ger-stg-sifi1
|
|
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
|
Web App Attack
|
|
Ba-Yu
|
|
WP-xmlrpc exploit
|
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
|
|
spyra.rocks
|
|
ModSecurity
|
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
bittiguru.fi
|
|
47.96.97.97 - [12/Jan/2025:02:36:00 +0200] "POST /xmlrpc.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "-"
47.96.97.97 - [12/Jan/2025:02:36:04 +0200] "POST /xmlrpc.php HTTP/1.1" 404 47117 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" "-"
|
Hacking
Brute-Force
Web App Attack
|
|
bittiguru.fi
|
|
47.96.97.97 - [11/Jan/2025:22:57:15 +0200] "POST /xmlrpc.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Linux; Android 10; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Mobile Safari/537.36" "-"
47.96.97.97 - [11/Jan/2025:22:57:18 +0200] "POST /xmlrpc.php HTTP/1.1" 404 47117 "-" "Mozilla/5.0 (Linux; Android 10; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Mobile Safari/537.36" "-"
|
Hacking
Brute-Force
Web App Attack
|
|
John Chrys.
|
|
|
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Anonymous
|
|
wp4.breidenba.ch 47.96.97.97 [11/Jan/2025:06:41:38 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4462 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
wp4.breidenba.ch 47.96.97.97 [11/Jan/2025:06:41:39 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4462 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 47.96.97.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 09 23:31:40.081162 2025] [security2:error] [pid 2243996:tid 2243996] [client 47.96.97.97:50566] [client 47.96.97.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||farsipraiseclub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "farsipraiseclub.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4CirDe_LHvv1UeXNm0XvQAAABM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 47.96.97.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 09 23:12:41.369113 2025] [security2:error] [pid 12672:tid 12672] [client 47.96.97.97:48626] [client 47.96.97.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||soundsfrompersia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "soundsfrompersia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4CeOcnxjj055Htz_4IdSAAAAA4"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 47.96.97.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 09 08:17:26.220742 2025] [security2:error] [pid 2490908:tid 2490908] [client 47.96.97.97:44588] [client 47.96.97.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||stationrestaurant.ca|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stationrestaurant.ca"] [uri "/wp-json/wp/v2/users"] [unique_id "Z3_MZmVGpktnBMgsL-axqAAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Swiptly
|
|
WordPress xmlrpc spam or enumeration
...
|
Web Spam
Bad Web Bot
Web App Attack
|
|