maxxsense
2024-07-22 02:19:04
(1 month ago)
(wordpress) Failed wordpress login from 109.17.253.132 (FR/France/132.253.17.109.rev.sfr.net)
Brute-Force
Malta
2024-07-22 00:29:35
(1 month ago)
109.17.253.132 - - [22/Jul/2024:02:29:35 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Brute-force password attempt
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-07-21 22:33:12
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 109.17.253.132 (132.253.17.109.rev.sfr.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 18:33:08.919797 2024] [security2:error] [pid 18837:tid 18837] [client 109.17.253.132:26172] [client 109.17.253.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.17.253.132 (+1 hits since last alert)|www.calvarycavaliers.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.calvarycavaliers.org"] [uri "/xmlrpc.php"] [unique_id "Zp2MpN03y4_3UUcj_bYyuwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-21 16:40:27
(1 month ago)
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-21 15:04:36
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 109.17.253.132 (132.253.17.109.rev.sfr.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 11:04:30.372784 2024] [security2:error] [pid 4161:tid 4231] [client 109.17.253.132:60116] [client 109.17.253.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.17.253.132 (+1 hits since last alert)|www.rivercafeandbar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rivercafeandbar.com"] [uri "/xmlrpc.php"] [unique_id "Zp0jfopG4g06rNAaWckuogAAAE0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-21 07:09:42
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 109.17.253.132 (132.253.17.109.rev.sfr.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 03:09:37.430091 2024] [security2:error] [pid 3493783:tid 3493783] [client 109.17.253.132:54461] [client 109.17.253.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.17.253.132 (+1 hits since last alert)|weddingmusicguitar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "weddingmusicguitar.com"] [uri "/xmlrpc.php"] [unique_id "Zpy0MTaWNN0nSpu7JTdaEwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-21 04:27:42
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 109.17.253.132 (132.253.17.109.rev.sfr.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 00:27:39.450399 2024] [security2:error] [pid 18068:tid 18068] [client 109.17.253.132:51348] [client 109.17.253.132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.17.253.132 (+1 hits since last alert)|www.hodlmoser.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.hodlmoser.com"] [uri "/xmlrpc.php"] [unique_id "ZpyOO80hE76k1yudWR80MgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-21 03:49:06
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-20 12:59:12
(1 month ago)
fulda-media.de 109.17.253.132 [20/Jul/2024:14:59:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4305 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
fulda-media.de 109.17.253.132 [20/Jul/2024:14:59:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4305 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Web App Attack
FeG Deutschland
2024-07-20 12:02:01
(1 month ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
bittiguru.fi
2024-07-20 11:11:14
(1 month ago)
109.17.253.132 - [20/Jul/2024:14:11:13 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" "1.86"
109.17.253.132 - [20/Jul/2024:14:11:13 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" "1.86"
...
Hacking
Brute-Force
Web App Attack
Anonymous
2024-07-20 00:16:31
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
10dencehispahard SL
2024-07-19 23:02:28
(1 month ago)
Unauthorized login attempts [ wordpress-xmlrpc, wordpress]
Brute-Force
Web App Attack