๐บ๐ธ
bigwavedave
2026-07-17 06:15:50
(9 hours ago)
Wordpress Attack
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-15 06:22:00
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
4server
2026-07-14 12:59:43
(3 days ago)
[TueJul1414:59:35.4510602026][security2:error][pid1590760:tid1590780][client103.158.121.117:0]ModSec ...
show more
[TueJul1414:59:35.4510602026][security2:error][pid1590760:tid1590780][client103.158.121.117:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"robertselitrenny.ch\"][uri\"/xmlrpc.php\"][unique_id\"alYyt7TxjQWL4-VDhtc2CAAAAJA\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 14:42:39
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 10:42:26.157911 2026] [security2:error] [pid 19669:tid 19669] [client 103.158.121.117:60141] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.158.121.117 (+1 hits since last alert)|seagrovesrealty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seagrovesrealty.com"] [uri "/xmlrpc.php"] [unique_id "alT5UgWyPwjtrmo0UNDExQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
rh24
2026-07-13 13:39:04
(4 days ago)
(wordpress) Failed wordpress login from 103.158.121.117 (ID/Indonesia/-): (CF_ENABLE)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-12 19:17:47
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 15:17:35.618390 2026] [security2:error] [pid 18254:tid 18254] [client 103.158.121.117:52274] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.158.121.117 (+1 hits since last alert)|brbcoin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brbcoin.com"] [uri "/xmlrpc.php"] [unique_id "alPoTzvql6ezDAaYSgyp8gAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
lenz
2026-07-12 12:39:20
(5 days ago)
Jul 12 14:38:36 hosting wordpress(grupa-ddd.pl)[11564]: XML-RPC authentication failure for admin fro ...
show more
Jul 12 14:38:36 hosting wordpress(grupa-ddd.pl)[11564]: XML-RPC authentication failure for admin from 103.158.121.117
Jul 12 14:38:47 hosting wordpress(grupa-ddd.pl)[1203]: XML-RPC authentication failure for admin from 103.158.121.117
Jul 12 14:38:57 hosting wordpress(grupa-ddd.pl)[1202]: XML-RPC authentication failure for admin from 103.158.121.117
Jul 12 14:39:08 hosting wordpress(grupa-ddd.pl)[2270]: XML-RPC authentication failure for admin from 103.158.121.117
Jul 12 14:39:19 hosting wordpress(grupa-ddd.pl)[1204]: XML-RPC authentication failure for admin from 103.158.121.117
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-07-05 02:29:38
(1 week ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
LARL-Stompro-2024
2026-07-05 02:29:01
(1 week ago)
Evergreen ILS - Mylist Bot Abuse - HTTP Port 443 - Fake UserAgent. Requests:2
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-05 01:48:38
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 21:48:26.544908 2026] [security2:error] [pid 18978:tid 18978] [client 103.158.121.117:60346] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.158.121.117 (+1 hits since last alert)|rotentendales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rotentendales.com"] [uri "/xmlrpc.php"] [unique_id "akm36jYqyo2NdvdsTrioSwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-07-04 04:19:52
(1 week ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-03 07:30:21
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 03:30:10.494456 2026] [security2:error] [pid 2680:tid 2729] [client 103.158.121.117:51311] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.158.121.117 (+1 hits since last alert)|managementlaw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "managementlaw.com"] [uri "/xmlrpc.php"] [unique_id "akdlAvnnXO3MBdZK-tJVrwAAANY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-06-30 16:00:38
(2 weeks ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-06-29 08:46:10
(2 weeks ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-29 08:01:23
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.158.121.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 04:01:09.713497 2026] [security2:error] [pid 24506:tid 24506] [client 103.158.121.117:54657] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.158.121.117 (+1 hits since last alert)|lacycustombuilt.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lacycustombuilt.com"] [uri "/xmlrpc.php"] [unique_id "akImRXU72jIpybsm1UilTwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack