TPI-Abuse
2024-08-16 19:37:43
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 15:37:37.150659 2024] [security2:error] [pid 28429:tid 28429] [client 34.48.154.203:44288] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|societasprivata.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "societasprivata.com"] [uri "/xmlrpc.php"] [unique_id "Zr-qgdQdXysdAQBLvdBImwAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
Netgnome
2024-08-16 17:10:04
(1 month ago)
SMTP/25 Login, AUTH=EFAIL:TYPE=CRAM-MD5
Brute-Force
TPI-Abuse
2024-08-16 14:59:18
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 10:59:11.635284 2024] [security2:error] [pid 15504:tid 15504] [client 34.48.154.203:57220] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|www.davidquiroa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.davidquiroa.com"] [uri "/xmlrpc.php"] [unique_id "Zr9pPxo5eI0_Fu-HqYgeuQAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
ger-stg-sifi1
2024-08-15 23:26:43
(1 month ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
TPI-Abuse
2024-08-15 21:45:09
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 17:45:01.638992 2024] [security2:error] [pid 24481:tid 24481] [client 34.48.154.203:36014] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|www.cartiologyfilms.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.cartiologyfilms.com"] [uri "/xmlrpc.php"] [unique_id "Zr523f-YuSEKMlF04fFzHgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
BlueWire Hosting
2024-08-11 04:10:02
(2 months ago)
Probing Wordpress websites
Web App Attack
MAGIC
2024-08-11 04:03:32
(2 months ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-08-11 02:32:26
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 22:32:22.751943 2024] [security2:error] [pid 19264:tid 19274] [client 34.48.154.203:53660] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|property-management.company|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "property-management.company"] [uri "/xmlrpc.php"] [unique_id "ZrgitohCZ-t_Eevhq-cPyQAAAIg"]
Brute-Force
Bad Web Bot
Web App Attack
ger-stg-sifi1
2024-08-10 22:49:37
(2 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
rh24
2024-08-10 22:39:22
(2 months ago)
(wordpress) Failed wordpress login from 34.48.154.203 (US/United States/203.154.48.34.bc.googleusercontent.com)
Brute-Force
taivas.nl
2024-08-10 17:02:10
(2 months ago)
Wordpress_xmlrpc_attack
Bad Web Bot
TPI-Abuse
2024-08-10 01:41:13
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 21:41:04.608993 2024] [security2:error] [pid 7039:tid 7039] [client 34.48.154.203:35838] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|www.rochesterhistorical.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rochesterhistorical.org"] [uri "/xmlrpc.php"] [unique_id "ZrbFMCxVRG_2byscTb34wQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 23:55:15
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 19:55:09.860050 2024] [security2:error] [pid 4579:tid 4579] [client 34.48.154.203:56564] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|www.localpetsitters.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.localpetsitters.com"] [uri "/xmlrpc.php"] [unique_id "ZrasXSuPyyKJU7Ui1exh0wAAABw"]
Brute-Force
Bad Web Bot
Web App Attack
FeG Deutschland
2024-08-09 21:33:02
(2 months ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
TPI-Abuse
2024-08-09 20:10:21
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 16:10:17.305830 2024] [security2:error] [pid 750:tid 750] [client 34.48.154.203:44970] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|rotentendales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rotentendales.com"] [uri "/xmlrpc.php"] [unique_id "ZrZ3qc_ucHsQydYc78WMBwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack