Anonymous
2026-07-17 17:47:04
(2 minutes ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
cwytech
2026-07-17 10:48:23
(7 hours ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wordpress-xmlrpc-bf-high.
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 10:45:33
(7 hours ago)
Large-scale coordinated botnet (777+k IPs). Attacker: mikhail-smirnov-79830323 (LinkedIn/profile ID) ...
show more
Large-scale coordinated botnet (777+k IPs). Attacker: mikhail-smirnov-79830323 (LinkedIn/profile ID) employed by Angara Technologies Group (Explicitly identified himself as enemy a week before attack began) | Attack Signature Blocked: /wishlist/index/add/product/11202/form_key/rXGJeRmaLJVXvYOo/ | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/38.0.840.0 Safari/534.0 | (Magento Site)
show less
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:41:58
(10 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): ...
show more
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:41:51.294913 2026] [security2:error] [pid 6323:tid 6323] [client 102.215.78.52:34959] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.215.78.52 (+1 hits since last alert)|motherlyhomecare.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "motherlyhomecare.com"] [uri "/xmlrpc.php"] [unique_id "alncv-3g3Kwa4vLGIdPXOAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-17 05:17:47
(12 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.co ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)
show less
Brute-Force
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-17 04:21:18
(13 hours ago)
(wordpress) Failed wordpress login from 102.215.78.52 (KE/Kenya/karti.10ge-4.pe2.nbo1.icon.ke)
Brute-Force
Anonymous
2026-07-17 02:50:07
(14 hours ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.casa-ampia.gr; logs=/var/log/httpd/domains/casa-ampia.gr ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.casa-ampia.gr; logs=/var/log/httpd/domains/casa-ampia.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:26:26
(21 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): ...
show more
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:26:21.349723 2026] [security2:error] [pid 21535:tid 21535] [client 102.215.78.52:53029] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.215.78.52 (+1 hits since last alert)|benchmarkbcs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "benchmarkbcs.com"] [uri "/xmlrpc.php"] [unique_id "alk-bVZtJI4Nfnv0JURsuQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 18:44:34
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): ...
show more
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:44:30.797680 2026] [security2:error] [pid 20962:tid 20962] [client 102.215.78.52:49766] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.215.78.52 (+1 hits since last alert)|artizandecor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "artizandecor.com"] [uri "/xmlrpc.php"] [unique_id "alkmjmkr5uj2dpRD5WtHlAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 18:15:15
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): ...
show more
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 14:15:10.659564 2026] [security2:error] [pid 11559:tid 11559] [client 102.215.78.52:39703] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.215.78.52 (+1 hits since last alert)|newcitypark.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newcitypark.com"] [uri "/xmlrpc.php"] [unique_id "alkfrhaz42Ktm-pyN7ZAWwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-16 17:46:30
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฆ๐บ
screwlooseit.com.au
2026-07-16 15:55:12
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
karti.10ge-4.pe2.nbo1.icon.ke
Web App Attack
๐ซ๐ท
dynamix
2026-07-16 13:17:54
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-16 12:19:30
(1 day ago)
(xmlrpc) Failed xmlrpc access from 102.215.78.52 (KE/Kenya/karti.10ge-4.pe2.nbo1.icon.ke): 5 in the ...
show more
(xmlrpc) Failed xmlrpc access from 102.215.78.52 (KE/Kenya/karti.10ge-4.pe2.nbo1.icon.ke): 5 in the last 3600 secs (0-122)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-16 03:44:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): ...
show more
(mod_security) mod_security (id:240335) triggered by 102.215.78.52 (karti.10ge-4.pe2.nbo1.icon.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 23:44:51.438033 2026] [security2:error] [pid 13861:tid 13868] [client 102.215.78.52:28377] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.215.78.52 (+1 hits since last alert)|maroontribe.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "maroontribe.com"] [uri "/xmlrpc.php"] [unique_id "alhTswtiNs6tLDuvcFbpDgAAAQM"]
show less
Brute-Force
Bad Web Bot
Web App Attack