applemooz
2024-07-15 20:39:59
(1 month ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
TPI-Abuse
2024-07-13 04:28:32
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 13 00:28:15.072170 2024] [security2:error] [pid 14173] [client 120.196.87.130:49898] [client 120.196.87.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.196.87.130 (+1 hits since last alert)|www.whodatnation.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.whodatnation.com"] [uri "/xmlrpc.php"] [unique_id "ZpICXzdve6dQrxHpEikIHQAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-13 03:43:14
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 23:43:04.887725 2024] [security2:error] [pid 20302] [client 120.196.87.130:43854] [client 120.196.87.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.102.148.189 (0+1 hits since last alert)|www.firejasstrio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.firejasstrio.com"] [uri "/xmlrpc.php"] [unique_id "ZpH3yIg3MGGU3rQhNMNQQQAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Malta
2024-07-11 22:26:28
(2 months ago)
120.196.87.130 - - [12/Jul/2024:00:26:27 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 120.196.87.130 - - [12/Jul/2024:00:26:27 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Brute-force password attempt show less
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-07-10 20:41:45
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 10 16:41:36.648514 2024] [security2:error] [pid 26979:tid 47294107891456] [client 120.196.87.130:35572] [client 120.196.87.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.196.87.130 (+1 hits since last alert)|www.teritemme.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.teritemme.com"] [uri "/xmlrpc.php"] [unique_id "Zo7yAKAXSjBt4ImIvD2bmAAAAU0"] show less
Brute-Force
Bad Web Bot
Web App Attack
weblite
2024-07-10 14:43:19
(2 months ago)
WP_XMLRPC_ABUSE
Brute-Force
Web App Attack
TPI-Abuse
2024-07-10 12:20:04
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 10 08:19:46.668132 2024] [security2:error] [pid 16541] [client 120.196.87.130:60602] [client 120.196.87.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.196.87.130 (+1 hits since last alert)|www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.ideaofauniversity.website"] [uri "/xmlrpc.php"] [unique_id "Zo58YkaOL3uiV9S9jTsRbwAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-10 00:06:01
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-09 21:03:02
(2 months ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
cmbplf
2024-07-09 17:26:08
(2 months ago)
593 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
MAGIC
2024-07-09 17:00:47
(2 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
neo72
2024-07-09 11:19:30
(2 months ago)
Spam
Email Spam
TPI-Abuse
2024-07-09 07:01:47
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 09 03:01:29.565678 2024] [security2:error] [pid 31892] [client 120.196.87.130:39722] [client 120.196.87.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.196.87.130 (+1 hits since last alert)|www.williamcline.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.williamcline.com"] [uri "/xmlrpc.php"] [unique_id "ZozgSQbfrI3c6WKviSE-xwAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
myagent.site
2024-07-08 20:29:48
(2 months ago)
Banned for posting to wp-login.php without referer {"log":"admin","pwd":"Emmagaskins2021","wp-submit ... show more Banned for posting to wp-login.php without referer {"log":"admin","pwd":"Emmagaskins2021","wp-submit":"Log In","redirect_to":"http:\/\/emmagaskins.com\/wp-admin\/","testcookie":"1"} show less
Hacking
TPI-Abuse
2024-07-08 16:31:55
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 120.196.87.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 12:31:44.469414 2024] [security2:error] [pid 11519] [client 120.196.87.130:51874] [client 120.196.87.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.196.87.130 (+1 hits since last alert)|laecovillage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "laecovillage.org"] [uri "/xmlrpc.php"] [unique_id "ZowUcImQ0h97uLgz7tBZwwAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack