๐ฉ๐ช
neckaralb-admin.de
2026-07-18 16:50:47
(5 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-18 13:41:58
(8 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
IndigoRidge
2026-07-17 16:49:54
(1 day ago)
103.151.16.159 - - [17/Jul/2026:12:47:42 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "WordPress. ...
show more
103.151.16.159 - - [17/Jul/2026:12:47:42 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "WordPress.com; https://wordpress.com"
103.151.16.159 - - [17/Jul/2026:12:48:47 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "WordPress.com; https://wordpress.com"
103.151.16.159 - - [17/Jul/2026:12:49:20 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "WordPress.com; https://wordpress.com"
103.151.16.159 - - [17/Jul/2026:12:49:42 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "WordPress.com; https://wordpress.com"
103.151.16.159 - - [17/Jul/2026:12:49:53 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
Anonymous
2026-07-17 15:47:59
(1 day ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.dentallaboratory.gr; logs=/var/log/httpd/domains/dentall ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.dentallaboratory.gr; logs=/var/log/httpd/domains/dentallaboratory.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
Anonymous
2026-07-17 15:45:55
(1 day ago)
(wordpress) Failed wordpress login from 103.151.16.159 (IN/India/-/-/-/[redacted])
Brute-Force
Anonymous
2026-07-17 15:03:27
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 17:22:31
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.151.16.159 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.151.16.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:22:22.287928 2026] [security2:error] [pid 7970:tid 7970] [client 103.151.16.159:57292] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.151.16.159 (+1 hits since last alert)|thepercussionworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thepercussionworks.com"] [uri "/xmlrpc.php"] [unique_id "alkTTsGPWGZsoqI5D0wSWQAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-16 17:17:46
(2 days ago)
CrowdSec: lrob/wp-xmlrpc-bf | req: /xmlrpc.php | UA: Jetpack/12.1; WordPress/6.3; http://site9547499 ...
show more
CrowdSec: lrob/wp-xmlrpc-bf | req: /xmlrpc.php | UA: Jetpack/12.1; WordPress/6.3; http://site95474996.com
show less
Brute-Force
Web App Attack
Anonymous
2026-07-15 16:05:03
(3 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 15:14:27
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 103.151.16.159 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.151.16.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:14:23.550377 2026] [security2:error] [pid 13088:tid 13088] [client 103.151.16.159:50153] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.151.16.159 (+1 hits since last alert)|lighthousescm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lighthousescm.com"] [uri "/xmlrpc.php"] [unique_id "alZST8U6_8NAL5DbLHGa7QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ท
ycoskun41
2026-07-14 14:08:26
(4 days ago)
fail2ban: plesk-modsecurity jail on genckocaeli.com
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-07-13 17:49:05
(5 days ago)
Probing websites for vulnerabilities
Web App Attack
๐ซ๐ท
masterguru
2026-07-13 16:48:04
(5 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-13 14:46:37
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 103.151.16.159 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.151.16.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 10:46:31.439484 2026] [security2:error] [pid 32603:tid 32603] [client 103.151.16.159:50098] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.151.16.159 (+1 hits since last alert)|waterjetsolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterjetsolutions.com"] [uri "/xmlrpc.php"] [unique_id "alT6R87CdGur64lADBIT3gAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-13 14:45:26
(5 days ago)
(wordpress) Failed wordpress login from 103.151.16.159 (IN/India/-)
Brute-Force