bsoft.de
2024-08-28 07:34:17
(3 months ago)
206.189.54.221 - - [28/Aug/2024:07:37:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
206.189.54.221 - - [28/Aug/2024:07:51:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
206.189.54.221 - - [28/Aug/2024:09:34:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
Web App Attack
nationaleventpros.com
2024-08-28 03:33:40
(3 months ago)
WordPress login attempt
Brute-Force
tecnicorioja
2024-08-27 22:01:39
(3 months ago)
POST /xmlrpc.php [27/Aug/2024:08:22:05
Brute-Force
Web App Attack
Anonymous
2024-08-27 16:46:34
(3 months ago)
XMLRPC Hack Attempts
Hacking
Brute-Force
Anonymous
2024-08-27 10:27:33
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-08-26 09:55:36
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-08-26 06:36:02
(3 months ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/2.0, [1/1] done
Hacking
Web App Attack
mawan
2024-08-24 18:08:34
(3 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-08-24 15:26:43
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 206.189.54.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 11:26:36.166606 2024] [security2:error] [pid 24834:tid 24834] [client 206.189.54.221:53078] [client 206.189.54.221] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 206.189.54.221 (+1 hits since last alert)|combustiblesymineralesbyc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "combustiblesymineralesbyc.com"] [uri "/xmlrpc.php"] [unique_id "Zsn7rBvbxEZMeXeKvMBXpwAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-24 13:07:59
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
BRHosting
2024-08-24 06:48:03
(3 months ago)
WordPress brute force attack for login credentials (e.g. xmlrpc.php or wp-login.php)
Brute-Force
Web App Attack
nationaleventpros.com
2024-08-24 02:36:24
(3 months ago)
WordPress login attempt
Brute-Force
cmbplf
2024-08-23 18:27:44
(3 months ago)
687 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
Swiptly
2024-08-22 17:25:08
(3 months ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-22 14:50:08
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 206.189.54.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 10:50:02.267772 2024] [security2:error] [pid 25974:tid 25974] [client 206.189.54.221:29394] [client 206.189.54.221] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 206.189.54.221 (+1 hits since last alert)|statbotics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "statbotics.com"] [uri "/xmlrpc.php"] [unique_id "ZsdQGowvo_hW5uHuvN-4LAAAABc"]
Brute-Force
Bad Web Bot
Web App Attack