Sheet1
ID IP HTTP METHOD HTTP VERSION
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430027 141.147.45.186 GET HTTP/1.1
430017 141.147.45.186 GET HTTP/1.1
430017 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
430034 141.147.45.186 GET HTTP/1.1
580004 92.118.36.208 GET HTTP/1.1
Page 1
� Sheet1
REASON
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - request_uri: Wordpress - prevent PHP files from executing
Malware.Expert - Wordpress - xmlrpc.php accept only POST requests
Page 2
� Sheet1
JUSTIFICATION
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/css/.*\\.php" at REQUEST_URI.
Pattern match "/wp-content/uploads/.*\\.php" at REQUEST_URI.
Pattern match "/wp-content/uploads/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
Pattern match "/wp-admin/includes/.*\\.php" at REQUEST_URI.
String match "xmlrpc.php" at REQUEST_URI.
Page 3
� Sheet1
HOSTNAME URI HTTP STATUS
nanucloud.com /wp-admin/includes/class-wp-me
406
nanucloud.com /wp-admin/includes/maint/repai406
nanucloud.com /wp-admin/includes/edit-tag-m 406
nanucloud.com /wp-admin/includes/tablepress_406
nanucloud.com /wp-admin/includes/block-line.p406
nanucloud.com /wp-admin/css/modern/colors.c406
nanucloud.com /wp-content/uploads/readindex 406
nanucloud.com /wp-content/uploads/small.php 406
nanucloud.com /wp-admin/includes/mar.php 406
nanucloud.com /wp-admin/includes/readindex. 406
nanucloud.com /wp-admin/includes/maint/wp-r 406
nanucloud.com /wp-admin/includes/maint/wp-c 406
nanucloud.com /wp-admin/includes/media-site. 406
nanucloud.com /ul8zr2/xmlrpc.php 406
Page 4
� Sheet1
ACTION TIME
Access denied with code 406 (phase 2) 2022-06-11 19:26:39
Access denied with code 406 (phase 2) 2022-06-11 19:26:39
Access denied with code 406 (phase 2) 2022-06-11 19:26:39
Access denied with code 406 (phase 2) 2022-06-11 19:26:39
Access denied with code 406 (phase 2) 2022-06-11 19:26:39
Access denied with code 406 (phase 2) 2022-06-11 19:26:39
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-06-11 19:26:38
Access denied with code 406 (phase 2) 2022-04-22 00:04:57
Page 5
