๐ฒ๐พ
Rizzy
2026-07-16 14:12:01
(2 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
cwytech
2026-07-15 07:55:28
(1 day ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 09:39:18
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 05:39:14.747376 2026] [security2:error] [pid 18204:tid 18204] [client 103.192.65.27:54521] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.192.65.27 (+1 hits since last alert)|americanexportimport.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "americanexportimport.com"] [uri "/xmlrpc.php"] [unique_id "alYDwjjGuwvBldJy5RjhAwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-10 11:50:31
(6 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐ฉ๐ช
neckaralb-admin.de
2026-07-07 12:51:35
(1 week ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 10:59:12
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 06:59:08.516005 2026] [security2:error] [pid 27153:tid 27153] [client 103.192.65.27:65342] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.192.65.27 (+1 hits since last alert)|michelehoop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michelehoop.com"] [uri "/xmlrpc.php"] [unique_id "akjnfA7mN249TNU8oH0aNwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-07-04 05:59:23
(1 week ago)
Wordpress Vunerability attack
Web App Attack
Anonymous
2026-06-02 06:12:05
(1 month ago)
Fail2ban filtered
...
Web App Attack
Anonymous
2026-05-25 09:11:17
(1 month ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
WeekendWeb
2026-05-16 13:49:12
(2 months ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-15 10:35:25
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 06:35:21.873276 2026] [security2:error] [pid 5836:tid 5836] [client 103.192.65.27:57938] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.192.65.27 (+1 hits since last alert)|cypro.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cypro.com"] [uri "/xmlrpc.php"] [unique_id "agb26QJSYYTZomHFMRiygAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-14 09:27:34
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 05:27:29.194757 2026] [security2:error] [pid 19760:tid 19760] [client 103.192.65.27:50763] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.192.65.27 (+1 hits since last alert)|forerunnersjazz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "forerunnersjazz.org"] [uri "/xmlrpc.php"] [unique_id "agWVgT0Xl6uOPNiKbCOh1wAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
maxxsense
2026-05-13 06:31:22
(2 months ago)
(wordpress) Failed wordpress login from 103.192.65.27 (IN/India/-)
Brute-Force
Anonymous
2026-05-08 13:19:47
(2 months ago)
(wordpress) Failed wordpress login from 103.192.65.27 (IN/India/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-05-08 10:14:24
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 103.192.65.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 06:14:20.617924 2026] [security2:error] [pid 5792:tid 5792] [client 103.192.65.27:49781] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.192.65.27 (+1 hits since last alert)|briannalls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "briannalls.com"] [uri "/xmlrpc.php"] [unique_id "af23fEDGs5Xjbz5GRTeITQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack