TPI-Abuse
2024-09-12 18:33:56
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 14:33:40.487928 2024] [security2:error] [pid 5879:tid 5879] [client 223.73.120.121:27038] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|www.kandocopies.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.kandocopies.com"] [uri "/xmlrpc.php"] [unique_id "ZuM0BN-70ivqC3BadbVG9gAAABI"], referer: https://www.kandocopies.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 18:08:23
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 14:08:06.149205 2024] [security2:error] [pid 3948292:tid 3948292] [client 223.73.120.121:27330] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|www.fredlandia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.fredlandia.com"] [uri "/xmlrpc.php"] [unique_id "ZuMuBqSZ9hAtpUzlfsX2BwAAAA0"], referer: https://www.fredlandia.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
findlab
2024-09-12 17:00:02
(3 weeks ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 15:45:39
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 11:45:22.241424 2024] [security2:error] [pid 28139:tid 28139] [client 223.73.120.121:33157] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|sharonmauldin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sharonmauldin.com"] [uri "/xmlrpc.php"] [unique_id "ZuMMkro3fRCZWx7x9qULggAAAAc"], referer: https://sharonmauldin.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
physke
2024-09-12 12:59:50
(3 weeks ago)
REQUESTED PAGE: /xmlrpc.php
Web App Attack
fortypoundhead
2024-09-12 10:00:39
(3 weeks ago)
PHP vulnerability scan
Web App Attack
Anonymous
2024-09-12 08:11:27
(3 weeks ago)
apache-wordpress-login
Brute-Force
Web App Attack
TPI-Abuse
2024-09-12 06:23:09
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 02:22:55.894050 2024] [security2:error] [pid 9271:tid 9271] [client 223.73.120.121:27238] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|epetsure.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "epetsure.co"] [uri "/xmlrpc.php"] [unique_id "ZuKIvykV-rsxj9gDjK_ucQAAABk"], referer: https://epetsure.co/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 05:25:32
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 01:25:14.567959 2024] [security2:error] [pid 12921:tid 12932] [client 223.73.120.121:5370] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|lawyerlouisiana.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lawyerlouisiana.com"] [uri "/xmlrpc.php"] [unique_id "ZuJ7Onr-S8MgWprYTIyFSAAAAIc"], referer: https://lawyerlouisiana.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 05:08:29
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 01:08:12.773090 2024] [security2:error] [pid 21195:tid 21195] [client 223.73.120.121:5332] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|www.charlescastleman.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.charlescastleman.com"] [uri "/xmlrpc.php"] [unique_id "ZuJ3PNeK8y53ArA37NEr-AAAABU"], referer: https://www.charlescastleman.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 04:14:19
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 00:14:02.624694 2024] [security2:error] [pid 8722:tid 8722] [client 223.73.120.121:28598] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|stacyfarm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stacyfarm.com"] [uri "/xmlrpc.php"] [unique_id "ZuJqirvmViiz-Kp3UZHDKQAAAAI"], referer: http://stacyfarm.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
afleventoffice.com.au
2024-09-12 03:41:47
(3 weeks ago)
Web App Attack
TPI-Abuse
2024-09-12 03:28:51
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 223.73.120.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 11 23:28:34.620199 2024] [security2:error] [pid 30905:tid 30905] [client 223.73.120.121:27356] [client 223.73.120.121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 223.73.120.121 (+1 hits since last alert)|www.kerrywood.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.kerrywood.com"] [uri "/xmlrpc.php"] [unique_id "ZuJf4jT2uNBpnri_HMhC4wAAAAk"], referer: http://www.kerrywood.com/xmlrpc.php show less
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-09-12 03:03:37
(3 weeks ago)
Too many Status 40X (11)
Brute-Force
Web App Attack
Anonymous
2024-09-12 01:06:08
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH