๐ซ๐ฎ
YF
2026-06-26 07:00:27
(1 week ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
Anonymous
2026-06-26 05:16:17
(1 week ago)
103.249.4.2 - - [26/Jun/2026:07:16:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
103.249.4.2 - - [26 ...
show more
103.249.4.2 - - [26/Jun/2026:07:16:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
103.249.4.2 - - [26/Jun/2026:07:16:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
...
show less
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-26 04:36:16
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:35:59.000095 2026] [security2:error] [pid 3356:tid 3356] [client 103.249.4.2:58035] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.249.4.2 (+1 hits since last alert)|graciousholding.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "graciousholding.com"] [uri "/xmlrpc.php"] [unique_id "aj4Brr26w1YMCxFUqKWhaQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-26 04:04:18
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-06-26 03:02:24
(1 week ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
Anonymous
2026-06-25 12:27:05
(1 week ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=sigasigacollective.com; logs=/var/log/httpd/domains/sigasiga ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=sigasigacollective.com; logs=/var/log/httpd/domains/sigasigacollective.com.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
Anonymous
2026-06-25 11:53:46
(1 week ago)
WordPress Brute Force
Brute-Force
Anonymous
2026-06-25 08:19:36
(1 week ago)
[redacted] 103.249.4.2 - - [25/Jun/2026:10:18:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jet ...
show more
[redacted] 103.249.4.2 - - [25/Jun/2026:10:18:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 103.249.4.2 - - [25/Jun/2026:10:19:04 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site38462114.com"
[redacted] 103.249.4.2 - - [25/Jun/2026:10:19:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.1; http://site40068178.com"
[redacted] 103.249.4.2 - - [25/Jun/2026:10:19:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.249.4.2 - - [25/Jun/2026:10:19:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 07:20:51
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 03:20:35.822119 2026] [security2:error] [pid 15863:tid 15863] [client 103.249.4.2:52193] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.249.4.2 (+1 hits since last alert)|rajabarber.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rajabarber.com"] [uri "/xmlrpc.php"] [unique_id "ajzWw5Dqtv5pEsO8XQZ8vAAAAFI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 06:17:01
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:16:47.767720 2026] [security2:error] [pid 8690:tid 8690] [client 103.249.4.2:58117] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.249.4.2 (+1 hits since last alert)|brazilianbottom.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brazilianbottom.com"] [uri "/xmlrpc.php"] [unique_id "ajzHz7ibZfIICY5fszDnrAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-06-25 04:55:15
(1 week ago)
(wordpress) Failed wordpress login from 103.249.4.2 (IN/India/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-25 03:26:21
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 23:26:06.695319 2026] [security2:error] [pid 22937:tid 22937] [client 103.249.4.2:62316] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.249.4.2 (+1 hits since last alert)|verdeprofundo.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "verdeprofundo.net"] [uri "/xmlrpc.php"] [unique_id "ajyfzg5X_sgquZbcgPVekwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-24 10:17:41
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-06-24 09:48:17
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 103.249.4.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 05:48:04.018910 2026] [security2:error] [pid 25194:tid 25194] [client 103.249.4.2:55836] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.249.4.2 (+1 hits since last alert)|kerrywood.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kerrywood.com"] [uri "/xmlrpc.php"] [unique_id "ajun1PqyUFHfyznUYEGJGwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-23 12:15:10
(1 week ago)
Attac
Brute-Force