MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleuserconte ... show more(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 04:42:44.547837 2024] [security2:error] [pid 10432:tid 10432] [client 34.48.154.203:43494] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|cosplayculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cosplayculture.com"] [uri "/xmlrpc.php"] [unique_id "ZrXWhCoDLV50Q2mrytzIrgAAAAU"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
WeekendWeb
|
|
Wordpress Vunerability attack
|
Web App Attack
|
|
Anonymous
|
|
joshuajohannes.de 34.48.154.203 [09/Aug/2024:01:20:34 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4287 "- ... show morejoshuajohannes.de 34.48.154.203 [09/Aug/2024:01:20:34 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4287 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
joshuajohannes.de 34.48.154.203 [09/Aug/2024:01:20:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4287 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" show less
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleuserconte ... show more(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 18:30:21.176153 2024] [security2:error] [pid 16675:tid 16675] [client 34.48.154.203:33120] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|www.sacoriverjazz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.sacoriverjazz.org"] [uri "/xmlrpc.php"] [unique_id "ZrVG_QFb2T873-PZOINpVAAAAAk"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
FeG Deutschland
|
|
Looking for CMS/PHP/SQL vulnerablilities - 13
|
Exploited Host
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleuserconte ... show more(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 17:13:38.677033 2024] [security2:error] [pid 25719:tid 25719] [client 34.48.154.203:37332] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|equipoperu.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "equipoperu.org"] [uri "/xmlrpc.php"] [unique_id "ZrU1AkzwO9e_AZdne7q2cQAAAAg"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleuserconte ... show more(mod_security) mod_security (id:240335) triggered by 34.48.154.203 (203.154.48.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 14:40:33.104831 2024] [security2:error] [pid 7712:tid 7712] [client 34.48.154.203:47690] [client 34.48.154.203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.48.154.203 (+1 hits since last alert)|www.teamweurding.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.teamweurding.com"] [uri "/xmlrpc.php"] [unique_id "ZrURIYLSjPzY6k3Hw0s6AgAAAAE"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
cmbplf
|
|
518 requests to */xmlrpc.php
|
Brute-Force
Bad Web Bot
|
|
octageeks.com
|
|
Wordpress malicious attack:[octausername]
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octausername]
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octausername]
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octausername]
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octausername]
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octausername]
|
Web App Attack
|
|