๐ช๐ธ
alferez
2026-07-18 13:11:23
(1 day ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
Anonymous
2026-07-18 12:58:14
(1 day ago)
[redacted] 103.160.26.218 - - [18/Jul/2026:14:57:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 103.160.26.218 - - [18/Jul/2026:14:57:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 103.160.26.218 - - [18/Jul/2026:14:57:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)"
[redacted] 103.160.26.218 - - [18/Jul/2026:14:57:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 103.160.26.218 - - [18/Jul/2026:14:58:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.1; http://site13867664.com"
[redacted] 103.160.26.218 - - [18/Jul/2026:14:58:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
bigwavedave
2026-07-18 11:57:33
(1 day ago)
Wordpress Attack
Web App Attack
๐ช๐ธ
masterguru
2026-07-18 10:26:53
(1 day ago)
(xmlrpc) Failed xmlrpc access from 103.160.26.218 (IN/India/-): 5 in the last 3600 secs (0-122)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-18 09:13:13
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 05:13:09.841241 2026] [security2:error] [pid 20527:tid 20546] [client 103.160.26.218:59166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.160.26.218 (+1 hits since last alert)|rawhabitat.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rawhabitat.com"] [uri "/xmlrpc.php"] [unique_id "altDpbuAz7AhtJ0IBbk79gAAAFE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 08:42:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 04:42:23.281541 2026] [security2:error] [pid 2087343:tid 2087343] [client 103.160.26.218:64783] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.160.26.218 (+1 hits since last alert)|webersource.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webersource.com"] [uri "/xmlrpc.php"] [unique_id "als8b-189D6u2l5JWY3_9wAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-17 13:36:47
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TAY
2026-07-17 11:53:02
(2 days ago)
103.160.26.218 - - [17/Jul/2026:19:52:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "WordPress. ...
show more
103.160.26.218 - - [17/Jul/2026:19:52:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "WordPress.com; https://wordpress.com"
103.160.26.218 - - [17/Jul/2026:19:52:51 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "Jetpack by WordPress.com"
103.160.26.218 - - [17/Jul/2026:19:53:01 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-17 11:24:32
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 07:24:27.091144 2026] [security2:error] [pid 6845:tid 6981] [client 103.160.26.218:60610] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.160.26.218 (+1 hits since last alert)|jpdesign.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jpdesign.us"] [uri "/xmlrpc.php"] [unique_id "aloQ6451-eXH1Mwfbh1TEAAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-17 10:51:48
(2 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 09:52:47
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:52:42.609964 2026] [security2:error] [pid 28935:tid 28935] [client 103.160.26.218:51163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.160.26.218 (+1 hits since last alert)|technesa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "technesa.com"] [uri "/xmlrpc.php"] [unique_id "aln7auxIsFb1zBlll9m1PwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:58:59
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:58:54.616187 2026] [security2:error] [pid 27174:tid 27174] [client 103.160.26.218:55825] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.160.26.218 (+1 hits since last alert)|drjasonkolber.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drjasonkolber.com"] [uri "/xmlrpc.php"] [unique_id "ali5bpulMdg6JR7oG0O04QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 06:27:57
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.160.26.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 02:27:51.326504 2026] [security2:error] [pid 28582:tid 28582] [client 103.160.26.218:58912] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.160.26.218 (+1 hits since last alert)|jmichaelpope.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jmichaelpope.com"] [uri "/xmlrpc.php"] [unique_id "alh557NVbzyOZkVLCVvCpgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-16 05:20:12
(3 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 04:50:27
(3 days ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack