ger-stg-sifi1
2024-10-07 11:56:22
(4 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
TPI-Abuse
2024-10-04 01:18:09
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 192.0.103.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 21:18:03.440771 2024] [security2:error] [pid 9471:tid 9471] [client 192.0.103.4:11072] [client 192.0.103.4] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 192.0.103.4 (+1 hits since last alert)|www.susanleeward.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.susanleeward.com"] [uri "/xmlrpc.php"] [unique_id "Zv9CS8YmzT_JrYzTDsn-oAAAAAU"], referer: https://www.susanleeward.com/xmlrpc.php?for=jetpack&token=KE7aF%24%2A1SKstXFBDRgn%5E1lvbN%23XdDI2h%3A1%3A0&timestamp=1728004683&nonce=ay4P4sWXAH&body-hash=S6eQWIkIyWQRIz9%2FjR0Vioq9s1Q%3D&signature=D7F3Urx%2B0F%2BAQl0wPH0PnBG8t5I%3D
Brute-Force
Bad Web Bot
Web App Attack
ger-stg-sifi1
2024-10-02 04:02:33
(5 days ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
Charles
2024-10-01 10:19:44
(6 days ago)
192.0.103.4 - - [01/Oct/2024:18:19:41 +0800] "GET /wp/?rest_route=%2Fjetpack%2Fv4%2Fsync%2Fstatus&fields=started%2Csend_started%2Cfinished%2Ctotal%2Cqueue%2Csent%2Cconfig%2Cqueue_size%2Cqueue_lag%2Cqueue_next_sync%2Cfull_queue_size%2Cfull_queue_lag%2Cfull_queue_next_sync%2Ccron_size%2Cnext_cron%2Cposts_checksum%2Ccomments_checksum%2Cpost_meta_checksum%2Ccomment_meta_checksum%2Ccomments_checksum&_for=jetpack&token=nZn9%40Akr0pRj%5EFiNtc%21SlR6gNyzDP1d%5E%3A1%3A0&timestamp=1727777980&nonce=aEjkVQz51R&body-hash&signature=ZOtiQ3FepDkbKuBn4b%2F9%2F8H1f2A%3D HTTP/1.1" 200 5000 "https://amstar168.com/wp/?rest_route=%2Fjetpack%2Fv4%2Fsync%2Fstatus&fields=started%2Csend_started%2Cfinished%2Ctotal%2Cqueue%2Csent%2Cconfig%2Cqueue_size%2Cqueue_lag%2Cqueue_next_sync%2Cfull_queue_size%2Cfull_queue_lag%2Cfull_queue_next_sync%2Ccron_size%2Cnext_cron%2Cposts_checksum%2Ccomments_checksum%2Cpost_meta_checksum%2Ccomment_meta_checksum%2Ccomments_checksum&_for=jetpack&token=nZn9%40Akr0pRj%5EFiNtc%21SlR6gNyz
...
Web Spam
Email Spam
Brute-Force
Bad Web Bot
Web App Attack
SSH
thefoofighter
2024-10-01 05:29:43
(6 days ago)
[Tue Oct 01 05:29:42.902708 2024] [:error] [pid 2672960] [client 192.0.103.4:39220] [client 192.0.103.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sourcemodding.com"] [uri "/"] [unique_id "ZvuIxv__CyZhBi0HzfCR4wAAAA0"], referer: https://www.sourcemodding.com/?for=jetpack&jetpack=comms&token=REtbSH2kcFJfZXymw%235lx%26Ra1on4H%21PF%3A1%3A0&timestamp=1727760582&nonce=9naAtRVlTT&body-hash=8llScdalAFj470WH3i51tHJhyac%3D&signature=SupFAVbs5i%2FeWGGxrZIqG6vb21U%3D
[Tue Oct 01 05:29:43.133942 2024] [:error] [pid 2673465] [client 192.0.103.4:39224] [client 192.0.103.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE
...
Bad Web Bot
Web App Attack
applemooz
2024-09-28 17:38:14
(1 week ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
Dadelinux
2024-09-17 18:25:42
(2 weeks ago)
192.0.103.4 - - [17/Sep/2024:20:25:36 +0200] "POST /xmlrpc.php?for=jetpack&token=%28sKv%24ZyRQtXYG6%21pu95%24sm9fiYbUN6ij%3A1%3A0&timestamp=1726597536&nonce=GHlurDJtFM&body-hash=pdst%2B%2B8gjpsEsdzTGdS19%2BYN3g4%3D&signature=QFC4RxrZ4H%2BSp5Rj%2B3TsqbyZwAw%3D HTTP/1.1" 200 4879 "https://lorenzogramaccia.com/xmlrpc.php?for=jetpack&token=%28sKv%24ZyRQtXYG6%21pu95%24sm9fiYbUN6ij%3A1%3A0&timestamp=1726597536&nonce=GHlurDJtFM&body-hash=pdst%2B%2B8gjpsEsdzTGdS19%2BYN3g4%3D&signature=QFC4RxrZ4H%2BSp5Rj%2B3TsqbyZwAw%3D" "Jetpack by WordPress.com"
192.0.103.4 - - [17/Sep/2024:20:25:38 +0200] "POST /xmlrpc.php?for=jetpack HTTP/1.1" 200 4977 "https://lorenzogramaccia.com/xmlrpc.php?for=jetpack" "WordPress.com; https://lorenzogramaccia.com"
192.0.103.4 - - [17/Sep/2024:20:25:39 +0200] "GET /xmlrpc.php?for=jetpack HTTP/1.1" 405 4759 "https://lorenzogramaccia.com/xmlrpc.php?for=jetpack" "WordPress.com; https://lorenzogramaccia.com"
SQL Injection
Web App Attack
TPI-Abuse
2024-09-17 10:39:05
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 192.0.103.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 06:38:59.908563 2024] [security2:error] [pid 18551:tid 18551] [client 192.0.103.4:28796] [client 192.0.103.4] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 192.0.103.4 (+1 hits since last alert)|www.sirio-b.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.sirio-b.com"] [uri "/main/xmlrpc.php"] [unique_id "ZulcQ2qipkytG1YCv-f5lQAAAA4"], referer: http://www.sirio-b.com/main/xmlrpc.php?for=jetpack&token=aoLe%26OOrGnaso%24D%40IGT0aoRJ78IQ%24q%40j%3A1%3A0&timestamp=1726569539&nonce=Gc7MIo149z&body-hash=wXxEwvaBDQTLEZa92PZ4I7HI258%3D&signature=xk%2F%2BAhVTMd0%2B2T1i3at7BmZWJ0M%3D
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-09-17 10:09:57
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
applemooz
2024-09-14 17:35:11
(3 weeks ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
Anonymous
2024-09-10 22:14:55
(3 weeks ago)
(wordpress) Failed wordpress login from 192.0.103.4 (US/United States/-)
Brute-Force
TPI-Abuse
2024-09-08 04:40:26
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 192.0.103.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 00:40:19.613246 2024] [security2:error] [pid 14489:tid 14489] [client 192.0.103.4:46032] [client 192.0.103.4] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 192.0.103.4 (+1 hits since last alert)|www.playmobil365.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.playmobil365.com"] [uri "/blog/xmlrpc.php"] [unique_id "Zt0qs7ZThufCd2zGEHw4KAAAAAg"], referer: https://www.playmobil365.com/blog/xmlrpc.php?for=jetpack&token=Sg3g4%404Evl%28%28ZIVZbHWbOPFd%23Kq86b6F%3A1%3A0&timestamp=1725770419&nonce=rSPabgupRi&body-hash=8B86fzSXw8xF3GUnkeUEWH0UIw0%3D&signature=v7Bpdkn94iVYTzCRuGx2fFTHep0%3D
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-07 04:24:30
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 192.0.103.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 00:24:25.884081 2024] [security2:error] [pid 15281:tid 15281] [client 192.0.103.4:49484] [client 192.0.103.4] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 192.0.103.4 (+1 hits since last alert)|desertalfas.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desertalfas.org"] [uri "/xmlrpc.php"] [unique_id "ZtvVebbE-6g6o6ZZiCOktgAAAAc"], referer: https://desertalfas.org/xmlrpc.php?for=jetpack&token=%28ht5fTz%2AK1EmZDeiGA%24ku%26c%28cXHG%26SJ2%3A1%3A0&timestamp=1725683065&nonce=TirpkQmcbo&body-hash=SjNkOp7vVoxyRAUl%2FH15L5GIFDo%3D&signature=YuBxfLPg8MNQar6oVc3JUWEAZUY%3D
Brute-Force
Bad Web Bot
Web App Attack
NotCool
2024-09-06 14:06:49
(1 month ago)
(XMLRPC) WP XMLPRC Attack 192.0.103.4 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER
Brute-Force
MAGIC
2024-09-03 09:17:59
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot