๐ฉ๐ช
ghostwarriors
2026-07-15 14:51:01
(28 minutes ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 14:39:38
(40 minutes ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐ซ๐ท
bazter.pro
2026-07-15 10:47:05
(4 hours ago)
Fail2Ban: plesk-bot-aggressive - 15 failures
Port Scan
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 09:39:25
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 05:39:18.538878 2026] [security2:error] [pid 21250:tid 21250] [client 103.157.200.34:26757] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.157.200.34 (+1 hits since last alert)|femalegamblers.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "femalegamblers.org"] [uri "/xmlrpc.php"] [unique_id "aldVRvfsmABDbjPL-a9u9wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-15 06:18:34
(9 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-14 20:11:03
(19 hours ago)
103.157.200.34 - - [14/Jul/2026:22:10:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ...
show more
103.157.200.34 - - [14/Jul/2026:22:10:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
103.157.200.34 - - [14/Jul/2026:22:10:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
103.157.200.34 - - [14/Jul/2026:22:10:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/13.0; WordPress/6.4; http://site42036356.com"
103.157.200.34 - - [14/Jul/2026:22:10:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/13.0; WordPress/6.4; http://site42036356.com"
103.157.200.34 - - [14/Jul/2026:22:11:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
LRob
2026-07-14 14:37:19
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https:// ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https://wordpress.com
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-14 14:37:01
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
applemooz
2026-07-13 13:49:14
(2 days ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 12:30:41
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 08:30:35.986638 2026] [security2:error] [pid 16116:tid 16116] [client 103.157.200.34:26541] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.157.200.34 (+1 hits since last alert)|firebelly.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "firebelly.org"] [uri "/xmlrpc.php"] [unique_id "alOI68Cc1QbfIBT0fgDvDgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-12 00:10:28
(3 days ago)
Excessive 404/403 errors
Brute-Force
Anonymous
2026-07-11 15:44:58
(3 days ago)
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-11 15:43:41
(3 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-04 10:57:21
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 06:57:13.908416 2026] [security2:error] [pid 18969:tid 18969] [client 103.157.200.34:6252] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.157.200.34 (+1 hits since last alert)|ismaelcavazos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ismaelcavazos.com"] [uri "/xmlrpc.php"] [unique_id "akjnCehUw78LEhiu1soK5QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 07:03:51
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.157.200.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 03:03:47.619692 2026] [security2:error] [pid 10084:tid 10084] [client 103.157.200.34:6340] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.157.200.34 (+1 hits since last alert)|vintageamptubes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "vintageamptubes.com"] [uri "/xmlrpc.php"] [unique_id "akiwU8uQWbvZmpMmCSDM-QAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack