๐ซ๐ท
LRob
2026-07-10 08:08:50
(6 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)","WordPress.com; https://wordpress.com","Jetpack/13.0; WordPress/6.3; http://site16972196.com
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-01 16:08:16
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-27 17:12:02
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
๐จ๐ฆ
polycoda
2026-06-26 16:01:22
(1 week ago)
AutoBlock: ๐ WordPress Login Brute Force (20X or 30X) (Decay-Based)
Brute-Force
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-22 12:40:39
(2 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-20 07:21:29
(2 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
Anonymous
2026-06-14 20:28:04
(3 weeks ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ฎ๐ฉ
hermawan
2026-06-14 12:49:09
(3 weeks ago)
[Sun Jun 14 19:49:09.260565 2026] [security2:error] [pid 105396:tid 139673033746112] [client 103.173 ...
show more
[Sun Jun 14 19:49:09.260565 2026] [security2:error] [pid 105396:tid 139673033746112] [client 103.173.21.214:58000] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.google.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.google.go.id found within REQUEST_HEADERS:Referer: https://www.google.go.id/ request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-tahunan HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/infografis-iklim/infografis-tahunan"] [unique_id "ai6jRfNwdJ6L0YJ0HtfF6gACEAU"], referer https://www.google.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[105402] [8afCIjZlBUE] [ai6jRfNwdJ6L0YJ0HtfF6gACEAU] keep_alive=[1] [2026-06-14 19:49:09.260568] [R:ai6jRfNwdJ6L0YJ0HtfF6gACEAU] UA:'Mozilla/5.0 (Android 13; Mobile; rv:129.0)
...
show less
Email Spam
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-14 08:57:42
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.173.21.214 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.173.21.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 04:57:38.129961 2026] [security2:error] [pid 11969:tid 11969] [client 103.173.21.214:53085] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.173.21.214 (+1 hits since last alert)|livingminimal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "livingminimal.com"] [uri "/xmlrpc.php"] [unique_id "ai5tAqEVjShL65O23C1lkQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-12 13:30:27
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.173.21.214 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.173.21.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 09:30:21.874306 2026] [security2:error] [pid 11406:tid 11406] [client 103.173.21.214:65061] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.173.21.214 (+1 hits since last alert)|equipoperu.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "equipoperu.org"] [uri "/xmlrpc.php"] [unique_id "aiwJ7b0FzC83lZByTgUA2wAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
grassau.com
2026-06-09 07:16:57
(1 month ago)
(wordpress) Failed wordpress login from 103.173.21.214 (IN/India/Gujarat/Ahmedabad/-)
Brute-Force
Anonymous
2026-06-07 05:41:15
(1 month ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-04 03:08:50
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 103.173.21.214 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 103.173.21.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:08:47.073175 2026] [security2:error] [pid 14390:tid 14390] [client 103.173.21.214:60579] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.173.21.214 (+1 hits since last alert)|krystalsgiftshopandboutique.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "krystalsgiftshopandboutique.net"] [uri "/xmlrpc.php"] [unique_id "aiDsPyw7U1QdB9Nh-1e_1AAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack