๐ซ๐ท
dynamix
2026-07-14 10:48:08
(2 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
LRob
2026-07-14 10:07:45
(2 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.co ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)
show less
Brute-Force
Web App Attack
Anonymous
2026-07-14 09:42:37
(3 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 09:37:48
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 05:37:40.116611 2026] [security2:error] [pid 18922:tid 18922] [client 111.92.145.73:32471] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 111.92.145.73 (+1 hits since last alert)|dynamic-therapy-mn.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dynamic-therapy-mn.com"] [uri "/xmlrpc.php"] [unique_id "alYDZL9Mo2j9hCQRq26OyAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-14 08:34:27
(4 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https:// ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https://wordpress.com
show less
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-14 06:16:12
(6 hours ago)
111.92.145.73 - - [14/Jul/2026:02:15:00 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5788 "-" "WordPress.c ...
show more
111.92.145.73 - - [14/Jul/2026:02:15:00 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5788 "-" "WordPress.com; https://wordpress.com"
111.92.145.73 - - [14/Jul/2026:02:15:22 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5788 "-" "WordPress.com; https://wordpress.com"
111.92.145.73 - - [14/Jul/2026:02:15:50 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
111.92.145.73 - - [14/Jul/2026:02:16:05 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5788 "-" "WordPress.com; https://wordpress.com"
111.92.145.73 - - [14/Jul/2026:02:16:12 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 06:02:21
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 02:02:14.993991 2026] [security2:error] [pid 7732:tid 7732] [client 111.92.145.73:32825] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 111.92.145.73 (+1 hits since last alert)|thinkingepic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thinkingepic.com"] [uri "/xmlrpc.php"] [unique_id "alXQ5jawPbnAK-m-IYnx7QAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-31 08:59:07
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 04:59:02.511036 2026] [security2:error] [pid 18956:tid 18956] [client 111.92.145.73:30581] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 111.92.145.73 (+1 hits since last alert)|kadinisi.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kadinisi.org"] [uri "/xmlrpc.php"] [unique_id "ahv4VuJEb-i6mmhO8Qgl2gAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-31 06:46:57
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 111.92.145.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:46:52.329828 2026] [security2:error] [pid 1874:tid 1874] [client 111.92.145.73:30165] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 111.92.145.73 (+1 hits since last alert)|kh6jim.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kh6jim.com"] [uri "/xmlrpc.php"] [unique_id "ahvZXJSShipOAIi-a_6XBgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
/dev/null
2026-05-10 18:03:56
(2 months ago)
Brute-Force Logins
Brute-Force
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-05-09 22:25:46
(2 months ago)
Brute-Force
Web App Attack
๐จ๐ฆ
Paulo Henrique dos Santos Nichio
2026-05-09 06:15:09
(2 months ago)
(ls_brute) LiteSpeed Brute Force Attack 111.92.145.73 (PK/Pakistan/-): 3 in the last 600 secs; Ports ...
show more
(ls_brute) LiteSpeed Brute Force Attack 111.92.145.73 (PK/Pakistan/-): 3 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026-05-09 03:14:41.841964 [WARN] [2698420] [T0] [111.92.145.73:45269-27#APVH_www.tocadojabuti.com.br:443] Brute force detected for IP [111.92.145.73], throttle.
2026-05-09 03:14:51.804963 [WARN] [2698420] [T0] [111.92.145.73:45269-28#APVH_www.tocadojabuti.com.br:443] Brute force detected for IP [111.92.145.73], throttle.
2026-05-09 03:15:02.822394 [WARN] [2698420] [T0] [111.92.145.73:45269-29#APVH_www.tocadojabuti.com.br:443] Brute force detected for IP [111.92.145.73], throttle.
show less
Port Scan
๐ฆ๐บ
screwlooseit.com.au
2026-04-18 15:54:53
(2 months ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PK/Pakistan/-
Web App Attack
Anonymous
2026-04-18 15:54:23
(2 months ago)
Fail2ban filtered
...
Web App Attack
๐ง๐ช
cmbplf
2026-04-18 15:31:09
(2 months ago)
5.700 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot