๐บ๐ธ
TPI-Abuse
2026-07-13 20:39:27
(4 hours ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 16:39:20.306311 2026] [security2:error] [pid 29047:tid 29047] [client 109.106.155.177:55309] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|therealseska.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "therealseska.com"] [uri "/xmlrpc.php"] [unique_id "alVM-MVqgpyxigaa5vhq6gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
neckaralb-admin.de
2026-07-13 10:45:52
(14 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 08:36:55
(16 hours ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 04:36:48.405589 2026] [security2:error] [pid 16291:tid 16291] [client 109.106.155.177:52311] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|nancyscafeandcatering.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nancyscafeandcatering.com"] [uri "/xmlrpc.php"] [unique_id "alSjoJWd2H19dxp2p8lrSAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-13 01:03:03
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ง๐ช
cmbplf
2026-07-12 23:40:11
(1 day ago)
5.432 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
Anonymous
2026-07-12 20:06:26
(1 day ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 17:14:26
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 13:14:17.224196 2026] [security2:error] [pid 25387:tid 25387] [client 109.106.155.177:49520] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|reyadecostarica.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reyadecostarica.com"] [uri "/xmlrpc.php"] [unique_id "alPLaeI0Ng5viTXo1o3VIQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 13:10:17
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 09:10:14.212746 2026] [security2:error] [pid 20117:tid 20117] [client 109.106.155.177:63122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|gasoilliquidsdaily.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gasoilliquidsdaily.com"] [uri "/xmlrpc.php"] [unique_id "alOSNg1bGc4N-utJDR5N6wAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 10:25:19
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 06:25:12.079974 2026] [security2:error] [pid 11819:tid 11819] [client 109.106.155.177:60202] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|stacyfarm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stacyfarm.com"] [uri "/xmlrpc.php"] [unique_id "alNriM1VTFr6V9Ay0udj1gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-11 13:50:24
(2 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-11 13:40:13
(2 days ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 19:20:08
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 15:20:02.197894 2026] [security2:error] [pid 27809:tid 27809] [client 109.106.155.177:62436] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|johncyphers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "johncyphers.com"] [uri "/xmlrpc.php"] [unique_id "alFF4ugY9XMDUpjliNAX2AAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 13:43:01
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 109.106.155.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 09:42:54.121199 2026] [security2:error] [pid 19442:tid 19442] [client 109.106.155.177:53770] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.106.155.177 (+1 hits since last alert)|pcga.golf|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pcga.golf"] [uri "/xmlrpc.php"] [unique_id "alD23oB1io9KtmUFU37WcQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-10 10:05:50
(3 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"]
show less
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-07-10 06:30:48
(3 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking