TPI-Abuse
2024-08-18 07:38:54
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 03:38:50.285516 2024] [security2:error] [pid 8027:tid 8027] [client 46.214.84.13:44892] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|didactrend.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "didactrend.com"] [uri "/xmlrpc.php"] [unique_id "ZsGlCp1KRC1uFKpwE_zUWgAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
octageeks.com
2024-08-18 04:06:39
(3 weeks ago)
Wordpress malicious attack:[octawp]
Web App Attack
TPI-Abuse
2024-08-18 02:53:19
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 22:53:14.888333 2024] [security2:error] [pid 29632:tid 29632] [client 46.214.84.13:32960] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|karenbernsteinlaw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "karenbernsteinlaw.com"] [uri "/xmlrpc.php"] [unique_id "ZsFiGmxgqrYSnGJ3EoO4JAAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-17 03:58:43
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 23:58:35.693967 2024] [security2:error] [pid 586:tid 586] [client 46.214.84.13:37724] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|etemcolak.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "etemcolak.com"] [uri "/xmlrpc.php"] [unique_id "ZsAf6zSlRw1FWdm3gfl4pQAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 21:59:40
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 17:59:35.511687 2024] [security2:error] [pid 27621:tid 27621] [client 46.214.84.13:43584] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|www.daisydoesoap.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.daisydoesoap.com"] [uri "/xmlrpc.php"] [unique_id "Zr_LxzxG5wgepDFwSwvQKQAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
octageeks.com
2024-08-16 04:06:59
(4 weeks ago)
Wordpress malicious attack:[octawp]
Web App Attack
TPI-Abuse
2024-08-15 13:44:25
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 09:44:21.934629 2024] [security2:error] [pid 20603:tid 20603] [client 46.214.84.13:38156] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|www.badconsultingllc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.badconsultingllc.com"] [uri "/xmlrpc.php"] [unique_id "Zr4GNXypeGAvf6QDNJq8dgAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
Malta
2024-08-15 04:22:57
(4 weeks ago)
46.214.84.13 - - [15/Aug/2024:06:22:56 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; I ... show more 46.214.84.13 - - [15/Aug/2024:06:22:56 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Brute-force password attempt show less
Hacking
Brute-Force
Web App Attack
octageeks.com
2024-08-15 04:06:39
(4 weeks ago)
Wordpress malicious attack:[octawp]
Web App Attack
TPI-Abuse
2024-08-14 21:34:58
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 17:34:53.363263 2024] [security2:error] [pid 27260:tid 27260] [client 46.214.84.13:37398] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|www.internetgamblingsites.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.internetgamblingsites.net"] [uri "/xmlrpc.php"] [unique_id "Zr0i_XSvyOey41-cPmGdbwAAABc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 13:42:35
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 09:42:30.767426 2024] [security2:error] [pid 19256:tid 19256] [client 46.214.84.13:49604] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|www.peacecampus.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.peacecampus.org"] [uri "/xmlrpc.php"] [unique_id "Zry0RpLRf-WNGWfbfUUfxQAAACU"] show less
Brute-Force
Bad Web Bot
Web App Attack
octageeks.com
2024-08-14 04:06:37
(4 weeks ago)
Wordpress malicious attack:[octawp]
Web App Attack
TPI-Abuse
2024-08-13 09:07:35
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 05:07:31.482237 2024] [security2:error] [pid 3146436:tid 3146436] [client 46.214.84.13:33134] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|www.guitarwisdom.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.guitarwisdom.com"] [uri "/xmlrpc.php"] [unique_id "ZrsiUxOXX6IevWP-w-mNtgAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Malta
2024-08-12 22:24:29
(1 month ago)
46.214.84.13 - - [13/Aug/2024:00:24:29 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; I ... show more 46.214.84.13 - - [13/Aug/2024:00:24:29 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Brute-force password attempt show less
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-08-12 05:38:42
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 46.214.84.13 (46-214-84-13.next-gen.ro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 01:38:37.923142 2024] [security2:error] [pid 6292:tid 6292] [client 46.214.84.13:47918] [client 46.214.84.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 46.214.84.13 (+1 hits since last alert)|www.rochesterhistorical.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rochesterhistorical.org"] [uri "/xmlrpc.php"] [unique_id "Zrmf3a5P7Pd6yo51tzghUQAAAB8"] show less
Brute-Force
Bad Web Bot
Web App Attack