๐บ๐ธ
n2nguyenn2nguyen
2026-07-02 13:03:00
(2 weeks ago)
Blocked by YFC Security on https://brixzly.com โ type: xmlrpc_attempts
Brute-Force
Web App Attack
๐ฉ๐ช
Marc
2026-06-30 15:06:22
(2 weeks ago)
103.191.198.149 - - [30/Jun/2026:17:06:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3722 "-" "Jetpack/1 ...
show more
103.191.198.149 - - [30/Jun/2026:17:06:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3722 "-" "Jetpack/12.1; WordPress/6.3; http://site67138502.com" 103.191.198.149 - - [30/Jun/2026:17:06:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3722 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 103.191.198.149 - - [30/Jun/2026:17:06:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3723 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 19:15:23
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 15:15:18.225170 2026] [security2:error] [pid 30785:tid 30785] [client 103.191.198.149:57905] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.191.198.149 (+1 hits since last alert)|billwegener.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "billwegener.net"] [uri "/xmlrpc.php"] [unique_id "akLERvuMrPr7EU1X3NcFMwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
francoisunix
2026-06-29 16:38:46
(2 weeks ago)
103.191.198.149 - - [29/Jun/2026:16:37:56 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by ...
show more
103.191.198.149 - - [29/Jun/2026:16:37:56 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
103.191.198.149 - - [29/Jun/2026:16:38:17 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
103.191.198.149 - - [29/Jun/2026:16:38:23 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0; WordPress/6.1; http://site13190319.com"
103.191.198.149 - - [29/Jun/2026:16:38:33 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
103.191.198.149 - - [29/Jun/2026:16:38:44 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
...
show less
Web App Attack
Anonymous
2026-06-29 16:09:03
(2 weeks ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-29 16:08:37
(2 weeks ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ช๐ธ
masterguru
2026-06-28 17:26:10
(2 weeks ago)
(xmlrpc) Failed xmlrpc access from 103.191.198.149 (IN/India/-): 5 in the last 3600 secs (0-122)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-28 15:50:12
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 11:50:04.897315 2026] [security2:error] [pid 23437:tid 23437] [client 103.191.198.149:63232] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.191.198.149 (+1 hits since last alert)|nccb.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nccb.org"] [uri "/xmlrpc.php"] [unique_id "akFCrBgATVL4z2WD1q-s0wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-28 15:16:51
(2 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 14:48:38
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:48:35.085853 2026] [security2:error] [pid 29884:tid 29884] [client 103.191.198.149:60305] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.191.198.149 (+1 hits since last alert)|snowrideadventures.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "snowrideadventures.com"] [uri "/xmlrpc.php"] [unique_id "akE0Q-dcoEBkQ543zpikSwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 14:17:30
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:17:27.368257 2026] [security2:error] [pid 21357:tid 21365] [client 103.191.198.149:53381] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.191.198.149 (+1 hits since last alert)|abusaimeh.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abusaimeh.com"] [uri "/xmlrpc.php"] [unique_id "akEs9zu8Og8Y3xWTBinGFwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-28 13:46:46
(2 weeks ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-06-26 20:36:47
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.191.198.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 16:36:40.944939 2026] [security2:error] [pid 8529:tid 8529] [client 103.191.198.149:65529] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.191.198.149 (+1 hits since last alert)|towlesilvapsychotherapy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "towlesilvapsychotherapy.com"] [uri "/xmlrpc.php"] [unique_id "aj7i2C2UiBNvCYrog7HJhAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-06-26 17:19:24
(3 weeks ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-06-26 16:48:22
(3 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack