|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 03:13:18.912435 2024] [security2:error] [pid 20981:tid 20981] [client 13.212.39.146:36668] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|www.indoorsfinishing.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.indoorsfinishing.com"] [uri "/xmlrpc.php"] [unique_id "ZrcTDn_j-b5NqluivJBOCwAAABE"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 00:01:53.415283 2024] [security2:error] [pid 4236:tid 4236] [client 13.212.39.146:42002] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|kaldaragroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kaldaragroup.com"] [uri "/xmlrpc.php"] [unique_id "ZrbmMYmFDzMcDqOCq8lAqwAAAAs"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 19:18:41.094519 2024] [security2:error] [pid 11028:tid 11028] [client 13.212.39.146:54242] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|www.rentkase.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rentkase.com"] [uri "/xmlrpc.php"] [unique_id "Zraj0Ztv_m3ARHRU23Kz9QAAAAk"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 15:52:23.994981 2024] [security2:error] [pid 3047:tid 3047] [client 13.212.39.146:40340] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|mouserart.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mouserart.com"] [uri "/xmlrpc.php"] [unique_id "ZrZzd69S64T1UWbZlJ-sVgAAAAc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
|
Hacking
Web App Attack
|
|
|
๐ธ๐ฌ
oncord
|
|
Form spam
|
Web Spam
|
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
๐ฒ๐น
Malta
|
|
13.212.39.146 - - [09/Aug/2024:07:05:58 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ...
show more
13.212.39.146 - - [09/Aug/2024:07:05:58 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Brute-force password attempt
show less
|
Hacking
Brute-Force
Web App Attack
|
|
|
๐ณ๐ฑ
applemooz
|
|
WordPress XMLRPC Brute Force Attacks
...
|
Brute-Force
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 20:31:54.748645 2024] [security2:error] [pid 19187:tid 19193] [client 13.212.39.146:49454] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|www.wnsi.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.wnsi.org"] [uri "/xmlrpc.php"] [unique_id "ZrVjetkdEEe5NXUpsy9vmwAAAEQ"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 19:32:35.261012 2024] [security2:error] [pid 2508350:tid 2508370] [client 13.212.39.146:49192] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|www.honorac.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.honorac.com"] [uri "/xmlrpc.php"] [unique_id "ZrVVk6UMr8jq2sy2m3M-0AAAAFI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 08:45:18.391849 2024] [security2:error] [pid 10273:tid 10273] [client 13.212.39.146:47346] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.127.104.80 (0+1 hits since last alert)|www.cier.xyz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.cier.xyz"] [uri "/xmlrpc.php"] [unique_id "ZrS93h9H5Qz0YmterSq3pAAAAAc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 08:27:59.340240 2024] [security2:error] [pid 10536:tid 10536] [client 13.212.39.146:43984] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|www.eta-mct.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.eta-mct.com"] [uri "/xmlrpc.php"] [unique_id "ZrS5zz4uYEK6ephiWbJ8nAAAAAY"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1 ...
show more
(mod_security) mod_security (id:240335) triggered by 13.212.39.146 (ec2-13-212-39-146.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 08:01:19.791206 2024] [security2:error] [pid 981928:tid 981928] [client 13.212.39.146:40190] [client 13.212.39.146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 13.212.39.146 (+1 hits since last alert)|meganmurph.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "meganmurph.com"] [uri "/xmlrpc.php"] [unique_id "ZrSzj_4GRfIxmQ0tQTEjgwAAAAI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|