TPI-Abuse
2024-07-12 04:16:41
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 00:16:30.774237 2024] [security2:error] [pid 15943] [client 118.195.130.163:54472] [client 118.195.130.163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|www.hdsniderphoto.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.hdsniderphoto.com"] [uri "/xmlrpc.php"] [unique_id "ZpCuHqmBWlYhp7pw8UfVXgAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
HoneyPotEU02
2024-07-11 08:47:37
(1 month ago)
wordpress-trap
Web App Attack
HoneyPotEU02
2024-07-07 16:02:56
(2 months ago)
wordpress-trap
Web App Attack
myagent.site
2024-07-07 16:02:34
(2 months ago)
Blocked user enumeration attempt
Hacking
MAGIC
2024-07-07 06:04:55
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-07-06 18:14:03
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 06 14:13:50.657953 2024] [security2:error] [pid 19250] [client 118.195.130.163:64313] [client 118.195.130.163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|www.bethanyeyecenter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.bethanyeyecenter.com"] [uri "/xmlrpc.php"] [unique_id "ZomJXoaBEt4rQbR6KKZUYAAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
HoneyPotEU02
2024-07-05 19:07:23
(2 months ago)
wordpress-trap
Web App Attack
plzenskypruvodce.cz
2024-07-04 00:42:14
(2 months ago)
2024-07-04T02:42:13.436089+02:00 web wordpress(varhanykolin.cz)[3192491]: Immediately block connections from 118.195.130.163
Brute-Force
Anonymous
2024-07-01 07:06:53
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-06-30 16:16:16
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 30 12:16:02.123818 2024] [security2:error] [pid 12383] [client 118.195.130.163:52092] [client 118.195.130.163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|www.cityofhaleyville.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.cityofhaleyville.com"] [uri "/xmlrpc.php"] [unique_id "ZoGEwrN1yGo2SfKL2HNC6wAAAB4"]
Brute-Force
Bad Web Bot
Web App Attack
Linuxmalwarehuntingnl
2024-06-30 09:46:18
(2 months ago)
Unauthorized connection attempt
Brute-Force
TPI-Abuse
2024-06-30 06:37:03
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 30 02:36:53.574156 2024] [security2:error] [pid 8665] [client 118.195.130.163:56769] [client 118.195.130.163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|www.americanacademyofteachersofsinging.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.americanacademyofteachersofsinging.org"] [uri "/xmlrpc.php"] [unique_id "ZoD9BZY3CTvEq3yl95BGVwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
stinpriza
2024-06-29 07:39:55
(2 months ago)
WP Authentication attempt for unknown user
Brute-Force
Web App Attack
URAN Publishing Service
2024-06-25 08:23:21
(2 months ago)
118.195.130.163 - - [25/Jun/2024:11:23:17 +0300] "GET /wp-login.php HTTP/1.1" 404 277 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
118.195.130.163 - - [25/Jun/2024:11:23:20 +0300] "GET /wp-login.php HTTP/1.1" 404 295 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
Web App Attack
Steve
2024-06-20 00:13:33
(2 months ago)
Attempts against non-existent wordpress site
Brute-Force
Web App Attack