๐ฉ๐ช
Vegascosmetics
2026-07-02 05:52:29
(6 days ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after suspicious activity. Vegas Security
DDoS Attack
Hacking
Exploited Host
๐ซ๐ท
dynamix
2026-06-27 08:38:19
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
Kenshin869
2026-06-27 04:26:33
(1 week ago)
Wordpress unauthorized access attempt
Brute-Force
๐ฒ๐พ
Rizzy
2026-06-24 05:21:54
(2 weeks ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 15:30:51
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithr ...
show more
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithriltele.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 11:30:46.731061 2026] [security2:error] [pid 13426:tid 13426] [client 103.149.16.79:59027] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.149.16.79 (+1 hits since last alert)|palumbodesigns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "palumbodesigns.com"] [uri "/xmlrpc.php"] [unique_id "ajlVJtt1J7Q6WdsJsmDatwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-15 03:52:16
(3 weeks ago)
Try to access /xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 03:18:54
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithr ...
show more
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithriltele.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 23:18:48.554547 2026] [security2:error] [pid 12426:tid 12426] [client 103.149.16.79:52986] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.149.16.79 (+1 hits since last alert)|terfgunclub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "terfgunclub.com"] [uri "/xmlrpc.php"] [unique_id "ai9vGMyTX7FYqlc5a7AzxgAAAF0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-06-11 14:59:01
(3 weeks ago)
(wordpress) Failed wordpress login from 103.149.16.79 (IN/India/79.16.149.103-in-addr.arpa-mithrilte ...
show more
(wordpress) Failed wordpress login from 103.149.16.79 (IN/India/79.16.149.103-in-addr.arpa-mithriltele.net)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-11 05:51:17
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithr ...
show more
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithriltele.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:51:13.993712 2026] [security2:error] [pid 10561:tid 10561] [client 103.149.16.79:57227] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.149.16.79 (+1 hits since last alert)|jesussotoca.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jesussotoca.com"] [uri "/xmlrpc.php"] [unique_id "aipM0arxS-R8oh40RebDuQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-06-09 05:00:25
(4 weeks ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-06 06:54:18
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithr ...
show more
(mod_security) mod_security (id:225170) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithriltele.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 02:54:12.114874 2026] [security2:error] [pid 25431:tid 25431] [client 103.149.16.79:55235] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||barigby.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "barigby.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiPEFIZWvJXBS-_nYi3BjAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-05 15:23:13
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithr ...
show more
(mod_security) mod_security (id:240335) triggered by 103.149.16.79 (79.16.149.103-in-addr.arpa-mithriltele.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 11:23:06.568128 2026] [security2:error] [pid 27195:tid 27195] [client 103.149.16.79:62429] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.149.16.79 (+1 hits since last alert)|jonasrimkunas.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jonasrimkunas.com"] [uri "/xmlrpc.php"] [unique_id "aiLp2sB6FW4PuqDKjwOXYQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-05-30 15:43:43
(1 month ago)
(wordpress) Failed wordpress login from 103.149.16.79 (IN/India/79.16.149.103-in-addr.arpa-mithrilte ...
show more
(wordpress) Failed wordpress login from 103.149.16.79 (IN/India/79.16.149.103-in-addr.arpa-mithriltele.net)
show less
Brute-Force
Anonymous
2026-05-26 13:55:19
(1 month ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=hacm.gr; logs=/var/log/httpd/domains/hacm.gr.log; samples=/ ...
show more
[server.tmg.gr] httpd-xmlrpc-post: sites=hacm.gr; logs=/var/log/httpd/domains/hacm.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-05-26 08:48:28
(1 month ago)
2026-05-26T10:48:26.696590+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication attempt for unknown ...
show more
2026-05-26T10:48:26.696590+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication attempt for unknown user 5fm from 103.149.16.79
show less
Web App Attack