Anonymous
2024-07-01 07:06:53
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-06-30 16:16:16
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 30 12:16:02.123818 2024] [security2:error] [pid 12383] [client 118.195.130.163:52092] [client 118.195.130.163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|www.cityofhaleyville.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.cityofhaleyville.com"] [uri "/xmlrpc.php"] [unique_id "ZoGEwrN1yGo2SfKL2HNC6wAAAB4"] show less
Brute-Force
Bad Web Bot
Web App Attack
Linuxmalwarehuntingnl
2024-06-30 09:46:18
(2 months ago)
Unauthorized connection attempt
Brute-Force
TPI-Abuse
2024-06-30 06:37:03
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 118.195.130.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 30 02:36:53.574156 2024] [security2:error] [pid 8665] [client 118.195.130.163:56769] [client 118.195.130.163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.195.130.163 (+1 hits since last alert)|www.americanacademyofteachersofsinging.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.americanacademyofteachersofsinging.org"] [uri "/xmlrpc.php"] [unique_id "ZoD9BZY3CTvEq3yl95BGVwAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
stinpriza
2024-06-29 07:39:55
(2 months ago)
WP Authentication attempt for unknown user
Brute-Force
Web App Attack
URAN Publishing Service
2024-06-25 08:23:21
(2 months ago)
118.195.130.163 - - [25/Jun/2024:11:23:17 +0300] "GET /wp-login.php HTTP/1.1" 404 277 "-" "Apache-Ht ... show more 118.195.130.163 - - [25/Jun/2024:11:23:17 +0300] "GET /wp-login.php HTTP/1.1" 404 277 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
118.195.130.163 - - [25/Jun/2024:11:23:20 +0300] "GET /wp-login.php HTTP/1.1" 404 295 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
... show less
Web App Attack
Steve
2024-06-20 00:13:33
(2 months ago)
Attempts against non-existent wordpress site
Brute-Force
Brute-Force
Web App Attack
Web App Attack
Anonymous
2024-06-19 23:15:54
(2 months ago)
Excessive 404 Traffic Wordpress
Web App Attack
Web App Attack
Hirte
2024-06-19 08:34:23
(2 months ago)
MYH: Web Attack GET /wp-login.php
Web Spam
Web Spam
Hacking
Hacking
Bad Web Bot
Bad Web Bot
Web App Attack
Web App Attack
applemooz
2024-06-19 06:30:25
(2 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Brute-Force
Web App Attack
Web App Attack
URAN Publishing Service
2024-06-17 22:42:25
(2 months ago)
118.195.130.163 - - [18/Jun/2024:01:42:17 +0300] "GET /wp-login.php HTTP/1.1" 404 276 "-" "Apache-Ht ... show more 118.195.130.163 - - [18/Jun/2024:01:42:17 +0300] "GET /wp-login.php HTTP/1.1" 404 276 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
118.195.130.163 - - [18/Jun/2024:01:42:24 +0300] "GET /wp-login.php HTTP/1.1" 404 276 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
... show less
Web App Attack
Web App Attack
Unwasted
2024-06-12 23:49:19
(3 months ago)
Abusive content scan (abuse_score:>80)
Hacking
Brute-Force
Web App Attack
Dolphi
2024-06-11 21:30:04
(3 months ago)
Excessive POST /xmlrpc.php requests
Brute-Force
Web App Attack
URAN Publishing Service
2024-06-10 20:57:34
(3 months ago)
118.195.130.163 - - [10/Jun/2024:23:57:05 +0300] "GET /wp-login.php HTTP/1.1" 404 3005 "-" "Apache-H ... show more 118.195.130.163 - - [10/Jun/2024:23:57:05 +0300] "GET /wp-login.php HTTP/1.1" 404 3005 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
118.195.130.163 - - [10/Jun/2024:23:57:33 +0300] "GET /xmlrpc.php HTTP/1.1" 404 3004 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
... show less
Web App Attack
myintarweb
2024-06-10 09:46:24
(3 months ago)
118.195.130.163 - - [10/Jun/2024:10:46:20 +0100] 443 "GET /wp-login.php HTTP/1.1" 403 4685 "-" "Apac ... show more 118.195.130.163 - - [10/Jun/2024:10:46:20 +0100] 443 "GET /wp-login.php HTTP/1.1" 403 4685 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_161)"
... show less
Hacking
Bad Web Bot
Web App Attack