๐บ๐ธ
TPI-Abuse
2026-07-17 06:34:25
(18 hours ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:34:17.045267 2026] [security2:error] [pid 375285:tid 375285] [client 103.225.138.118:26790] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|websitesforauthors.design|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "websitesforauthors.design"] [uri "/xmlrpc.php"] [unique_id "alnM6Sb2t-5n19F7i3pQewAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 05:00:40
(19 hours ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:00:36.187345 2026] [security2:error] [pid 24264:tid 24349] [client 103.225.138.118:21230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|davidholls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "davidholls.com"] [uri "/xmlrpc.php"] [unique_id "alm29D9k8T8vvy_YhO8exQAAAgs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 04:19:35
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 00:19:28.206055 2026] [security2:error] [pid 173166:tid 173166] [client 103.225.138.118:41071] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|celebritybikinigossip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "celebritybikinigossip.com"] [uri "/xmlrpc.php"] [unique_id "almtUORC1BXoUb3QUS2n0AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-17 02:40:39
(22 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.co ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.com
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 01:19:33
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 21:19:30.019079 2026] [security2:error] [pid 30724:tid 30724] [client 103.225.138.118:63285] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|thefrontporchoffering.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thefrontporchoffering.com"] [uri "/xmlrpc.php"] [unique_id "almDIpMxTK34wlIfNk11rgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 16:07:09
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 12:07:04.742766 2026] [security2:error] [pid 32429:tid 32429] [client 103.225.138.118:53471] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|uccryakima.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "uccryakima.org"] [uri "/xmlrpc.php"] [unique_id "alewKA2-ngwVPibNEY832AAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-15 15:26:22
(2 days ago)
(wordpress) Failed wordpress login from 103.225.138.118 (PH/Philippines/static-nat.region5.tabaco.al ...
show more
(wordpress) Failed wordpress login from 103.225.138.118 (PH/Philippines/static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-15 13:46:08
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 09:46:00.936229 2026] [security2:error] [pid 27731:tid 27731] [client 103.225.138.118:9486] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|bfpsamoa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bfpsamoa.com"] [uri "/xmlrpc.php"] [unique_id "alePGJoIQb1RbPIeBoMDwgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Tilellit.PRO
2026-07-13 09:14:50
(4 days ago)
WooCommerce YITH AJAX Filder product_cat filter flood attempt with taxonomies
DDoS Attack
Bad Web Bot
๐ฆ๐บ
screwlooseit.com.au
2026-06-29 00:45:26
(2 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/static-nat.region5.tabaco.albay-118-138-225 ...
show more
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph
show less
Web App Attack
๐ซ๐ท
applemooz
2026-06-29 00:04:55
(2 weeks ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ฉ๐ช
burlacu.org
2026-06-19 11:06:02
(4 weeks ago)
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 20 requests. Blocked ...
show more
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 20 requests. Blocked automatically.
show less
Web App Attack
Bad Web Bot
Anonymous
2026-06-19 10:37:40
(4 weeks ago)
[ns65.kdns.gr] httpd-xmlrpc-post: sites=villafleria.gr; logs=/var/log/httpd/domains/villafleria.gr.l ...
show more
[ns65.kdns.gr] httpd-xmlrpc-post: sites=villafleria.gr; logs=/var/log/httpd/domains/villafleria.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 23:36:26
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.alba ...
show more
(mod_security) mod_security (id:240335) triggered by 103.225.138.118 (static-nat.region5.tabaco.albay-118-138-225-103.dctv.com.ph): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:36:21.993541 2026] [security2:error] [pid 24355:tid 24355] [client 103.225.138.118:35371] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.225.138.118 (+1 hits since last alert)|eileensharaga.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "eileensharaga.com"] [uri "/xmlrpc.php"] [unique_id "ajSA9fSrPMcCLipZmELmpQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
SMARTNET
2026-05-27 06:03:53
(1 month ago)
Aisuru(Mirai variant) DDoS | Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d
DDoS Attack