๐ซ๐ฎ
YF
2026-06-24 13:01:02
(1 week ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
Anonymous
2026-06-24 08:48:33
(1 week ago)
109.107.230.16 - - [24/Jun/2026:10:48:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "WordPress.c ...
show more
109.107.230.16 - - [24/Jun/2026:10:48:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "WordPress.com; https://wordpress.com"
109.107.230.16 - - [24/Jun/2026:10:48:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
109.107.230.16 - - [24/Jun/2026:10:48:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
109.107.230.16 - - [24/Jun/2026:10:48:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
109.107.230.16 - - [24/Jun/2026:10:48:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
integrantservices.com
2026-06-24 08:19:50
(1 week ago)
(wordpress) Failed wordpress login from 109.107.230.16 (JO/Jordan/-)
Brute-Force
๐ซ๐ท
dynamix
2026-06-24 06:15:08
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 09:48:07
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 05:48:01.362100 2026] [security2:error] [pid 17197:tid 17197] [client 109.107.230.16:59177] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.107.230.16 (+1 hits since last alert)|starcrestsales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "starcrestsales.com"] [uri "/xmlrpc.php"] [unique_id "ajkE0YG43Hdb6BPDvOOZAgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 09:20:57
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 05:20:51.734331 2026] [security2:error] [pid 10194:tid 10194] [client 109.107.230.16:61165] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.107.230.16 (+1 hits since last alert)|dwightbrown.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dwightbrown.com"] [uri "/xmlrpc.php"] [unique_id "ajj-c-sggJpBbTtGdcgXvwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 05:55:15
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 01:54:56.751704 2026] [security2:error] [pid 5685:tid 5685] [client 109.107.230.16:59724] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.107.230.16 (+1 hits since last alert)|ospectra.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ospectra.com"] [uri "/xmlrpc.php"] [unique_id "ajjOMAXCXdMEuiDUP8ZqEAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-21 09:08:10
(1 week ago)
Attac
Brute-Force
๐ซ๐ท
dynamix
2026-06-21 07:25:35
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 17:07:59
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 13:07:55.359247 2026] [security2:error] [pid 9021:tid 9021] [client 109.107.230.16:61307] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.107.230.16 (+1 hits since last alert)|livingminimal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "livingminimal.com"] [uri "/xmlrpc.php"] [unique_id "ajbI6-25rAA5Z4TqqNIHmgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 15:45:03
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.107.230.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 11:44:56.703062 2026] [security2:error] [pid 8886:tid 8892] [client 109.107.230.16:56074] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.107.230.16 (+1 hits since last alert)|fastestcopyright.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fastestcopyright.com"] [uri "/xmlrpc.php"] [unique_id "aja1eC5l9hHTGyU9AUMdWwAAAEI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-20 12:38:37
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
JO/Hashemite Kingdom of Jordan/-
Web App Attack
๐บ๐ธ
kosada.com
2026-02-05 16:26:07
(4 months ago)
Web bot: DDoS
DDoS Attack
Bad Web Bot
๐จ๐ฆ
polycoda
2025-12-12 12:54:37
(6 months ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack
Anonymous
2025-11-26 10:55:53
(7 months ago)
scanning http requests from known botnet
Web App Attack