rp_otx_0_0.jpg

Exploited Vulnerabilities:

Remote File Upload Vulnerability in Fast-image-adder v1.1 Wordpress Plugin

WPO-Foundation WebPageTest Cross Site Scripting Vulnerability

Multiple Cross Site Scripting Vulnerabilities Found in FlightAirMap

Admin Custom Login WordPress Plugin affected by persistent Cross-Site Scripting via Logo URL field

Top 10 Attacker Countries:

CountryAttacks% of the total attacks of the world

China24043.1%

Argentina9116.3%

Russian Federation6111%

Brazil274.8%

Ecuador234.1%

United States223.9%

India213.8%

North Korea81.4%

Colombia71.3%

Iran71.3%

Top 10 Attacker Host

CountryHostOccurrences

China183.214.141.10245

China218.87.109.15029

China202.109.143.4710

China202.109.143.10410

China111.74.238.177

United States96.92.255.25

Brazil177.183.89.544

Taiwan219.71.36.1913

Russian Federation195.162.95.352

Detailed Report on Suspicious Hosts:

RP Intelligence System has detected IP addresses which are involved in suspicious behavior.

Behavior: Scanning hosts

Activity: Continuously using different username password combination existing and non existing usernames.

We have found following different types of events:

  • Failed Password
  • Invalid User
  • Authentication Failure
  • X more authentication failures
  • Input userauth request invalid user
  • userdel: Check pass

Type of Attack: Bruteforce

Source IP Addresses:

183.214.141.102        

218.87.109.150

202.109.143.47

202.109.143.104

111.74.238.17

187.217.199.20

96.92.255.2

219.71.36.191

177.183.89.54

221.183.16.231

195.162.95.35

147.46.152.40

183.214.141.102

218.87.109.150

5.39.218.159

201.176.129.21

201.254.27.107

197.48.218.197

186.59.140.232

117.195.178.149

123.31.31.186

181.24.164.210

190.174.159.128

Details
Date Published
March 22, 2017