Anonymous
2026-06-24 06:10:23
(5 days ago)
[redacted] 103.166.215.112 - - [24/Jun/2026:08:09:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 103.166.215.112 - - [24/Jun/2026:08:09:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:08:09:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
[redacted] 103.166.215.112 - - [24/Jun/2026:08:09:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:08:10:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:08:10:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.1; http://site91324008.com"
...
show less
Hacking
Web App Attack
Anonymous
2026-06-24 04:07:15
(5 days ago)
[redacted] 103.166.215.112 - - [24/Jun/2026:06:06:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 103.166.215.112 - - [24/Jun/2026:06:06:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.2; http://site89234684.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:06:06:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:06:06:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.3; http://site67396292.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:06:07:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 103.166.215.112 - - [24/Jun/2026:06:07:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 03:38:53
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 23:38:47.408168 2026] [security2:error] [pid 19577:tid 19577] [client 103.166.215.112:53297] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.215.112 (+1 hits since last alert)|zerotaxlab.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zerotaxlab.com"] [uri "/xmlrpc.php"] [unique_id "ajtRR_26QvECi6yRLFxzbQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-06-24 01:33:12
(5 days ago)
(wordpress) Failed wordpress login from 103.166.215.112 (IN/India/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-23 21:20:53
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 17:20:46.079828 2026] [security2:error] [pid 16705:tid 16705] [client 103.166.215.112:40680] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.215.112 (+1 hits since last alert)|breezentry.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "breezentry.com"] [uri "/xmlrpc.php"] [unique_id "ajr4rmaE41g4kEPRPyYx8QAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
netclix.gr
2026-06-23 20:35:24
(5 days ago)
(wordpress) Failed wordpress login from 103.166.215.112 (IN/India/-): (CF_ENABLE)
Brute-Force
๐ง๐ช
cmbplf
2026-06-23 20:29:43
(5 days ago)
3.481 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐ฉ๐ช
dbmwebdesign
2026-06-23 16:50:19
(6 days ago)
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 16:20:11
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 12:20:02.789548 2026] [security2:error] [pid 19052:tid 19052] [client 103.166.215.112:61776] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.215.112 (+1 hits since last alert)|mytapt.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mytapt.com"] [uri "/xmlrpc.php"] [unique_id "ajqyMn8HvQ1upJJchok6cgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
noise.agency
2026-06-23 13:08:47
(6 days ago)
(wordpress) Failed wordpress login from 103.166.215.112 (IN/India/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-23 12:39:59
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.166.215.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 08:39:52.862749 2026] [security2:error] [pid 29771:tid 29771] [client 103.166.215.112:36761] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.166.215.112 (+1 hits since last alert)|thehealthyplaceclayton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thehealthyplaceclayton.com"] [uri "/xmlrpc.php"] [unique_id "ajp-mHdBfbMXq5ELh910mAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ท
dominioz
2026-06-23 10:35:17
(6 days ago)
2026-06-23 10:33:45 POST /xmlrpc.php - - 103.166.215.112 HTTP/1.1 Jetpack+by+WordPress.com+(Jetpack+ ...
show more
2026-06-23 10:33:45 POST /xmlrpc.php - - 103.166.215.112 HTTP/1.1 Jetpack+by+WordPress.com+(Jetpack+13.0;+WordPress+6.2) - 200 650
2026-06-23 10:33:54 POST /xmlrpc.php - - 103.166.215.112 HTTP/1.1 WordPress.com;+https://wordpress.com - 200 650
2026-06-23 10:34:05 POST /xmlrpc.php - - 103.166.215.112 HTTP/1.1 Jetpack+by+WordPress.com - 200 650
2026-06-23 10:34:16 POST /xmlrpc.php - - 103.166.215.112 HTTP/1.1 Jetpack+by+WordPress.com - 200 650
...
show less
Web App Attack
๐ซ๐ท
masterguru
2026-06-23 08:00:59
(6 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐ซ๐ท
dynamix
2026-06-23 05:57:37
(6 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
BlueStem123
2026-05-24 20:01:02
(1 month ago)
Automated scanner targeting WordPress installations. Source produced sustained scanning activity exc ...
show more
Automated scanner targeting WordPress installations. Source produced sustained scanning activity exceeding 100 requests within a 60-minute window.
show less
Bad Web Bot
Web App Attack