TPI-Abuse
2024-10-06 21:01:23
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 06 17:01:18.053481 2024] [security2:error] [pid 20572:tid 20572] [client 164.52.206.180:48250] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|www.spacebooger.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.spacebooger.com"] [uri "/xmlrpc.php"] [unique_id "ZwL6ngXR_ImIUjbk5ByZSwAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-06 07:10:40
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 06 03:10:32.908280 2024] [security2:error] [pid 15234:tid 15234] [client 164.52.206.180:37816] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|kmelson.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kmelson.com"] [uri "/xmlrpc.php"] [unique_id "ZwI36B7plfPOHiXeyY-hAQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-06 06:29:30
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 06 02:29:24.104231 2024] [security2:error] [pid 31208:tid 31208] [client 164.52.206.180:45980] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|marinestorage.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "marinestorage.com"] [uri "/xmlrpc.php"] [unique_id "ZwIuRHu9FnYaO0D52wQCkQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-05 17:22:11
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 05 13:22:04.732503 2024] [security2:error] [pid 22427:tid 22427] [client 164.52.206.180:33496] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|www.fgrotary.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.fgrotary.org"] [uri "/xmlrpc.php"] [unique_id "ZwF1vGvMlYgiugFsd4o7wQAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
Malta
2024-10-05 12:27:21
(3 months ago)
164.52.206.180 - - [05/Oct/2024:14:27:20 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"
Hacking
Web App Attack
TPI-Abuse
2024-10-05 12:06:36
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 05 08:06:30.831052 2024] [security2:error] [pid 310:tid 310] [client 164.52.206.180:36580] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|phoboschildren.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "phoboschildren.com"] [uri "/xmlrpc.php"] [unique_id "ZwErxrCNNVZsz5XS3cZ-mAAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-05 07:33:42
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 05 03:33:37.116315 2024] [security2:error] [pid 4211:tid 4211] [client 164.52.206.180:47284] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|rwabutazafoundation.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rwabutazafoundation.org"] [uri "/xmlrpc.php"] [unique_id "ZwDr0Vs0W-lXlD-bApFhOgAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-04 02:21:33
(3 months ago)
Bad Web Bot
Web App Attack
Ba-Yu
2024-10-03 11:32:24
(3 months ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
Malta
2024-10-03 10:30:04
(3 months ago)
164.52.206.180 - - [03/Oct/2024:12:30:03 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36"
Brute-force password attempt
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-08-30 18:59:57
(4 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 30 14:59:49.599979 2024] [security2:error] [pid 3300300:tid 3300300] [client 164.52.206.180:38936] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|www.mfleetservice.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.mfleetservice.com"] [uri "/xmlrpc.php"] [unique_id "ZtIWpYrBCj5_Tx19WzkdRQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
packets-decreaser.net
2024-08-30 14:45:35
(4 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
TPI-Abuse
2024-08-30 14:21:11
(4 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 30 10:21:06.832287 2024] [security2:error] [pid 1659933:tid 1660045] [client 164.52.206.180:46798] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|www.ccgparquitectos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.ccgparquitectos.com"] [uri "/xmlrpc.php"] [unique_id "ZtHVUordsstSno7kkIN7lAAAAE8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-28 23:35:37
(4 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 28 19:35:29.741093 2024] [security2:error] [pid 13652:tid 13652] [client 164.52.206.180:52158] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|desertalfas.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desertalfas.org"] [uri "/xmlrpc.php"] [unique_id "Zs-0QZGuYQYw4eWRQ30-AwAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-28 21:54:29
(4 months ago)
(mod_security) mod_security (id:240335) triggered by 164.52.206.180 (e2e-74-180.ssdcloudindia.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 28 17:54:23.199191 2024] [security2:error] [pid 11165:tid 11165] [client 164.52.206.180:53942] [client 164.52.206.180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 164.52.206.180 (+1 hits since last alert)|padegan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "padegan.com"] [uri "/xmlrpc.php"] [unique_id "Zs-cj4tYmVG-3fj5MyKRzwAAABk"]
Brute-Force
Bad Web Bot
Web App Attack