π«π·
applemooz
2026-07-02 15:24:52
(1 hour ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 03:22:09
(13 hours ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 23:22:04.332418 2026] [security2:error] [pid 699:tid 699] [client 112.211.181.176:64370] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|alafiariverrendezvous.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "alafiariverrendezvous.org"] [uri "/xmlrpc.php"] [unique_id "akXZXKj_Xlg3ehwjURI_wwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πͺπΈ
masterguru
2026-07-01 14:35:40
(1 day ago)
(xmlrpc) Failed xmlrpc access from 112.211.181.176 (PH/Philippines/112.211.181.176.pldt.net): 5 in t ...
show more
(xmlrpc) Failed xmlrpc access from 112.211.181.176 (PH/Philippines/112.211.181.176.pldt.net): 5 in the last 3600 secs (0-122)
show less
Hacking
πΊπΈ
TPI-Abuse
2026-07-01 13:32:39
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 09:32:31.138721 2026] [security2:error] [pid 5257:tid 5257] [client 112.211.181.176:52106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|drgtek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drgtek.com"] [uri "/xmlrpc.php"] [unique_id "akUW7wgRvyOoJTvknToNdAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 09:55:42
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
π¬π§
Apache
2026-07-01 09:29:54
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (PH/Philippines/112.211.181.176 ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (PH/Philippines/112.211.181.176.pldt.net): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
π³π±
Site.eu
2026-07-01 01:04:42
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2026-07-01 00:26:54
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 20:26:48.780454 2026] [security2:error] [pid 21501:tid 21576] [client 112.211.181.176:49999] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|giere.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "giere.us"] [uri "/xmlrpc.php"] [unique_id "akReyKHUfCQP8EuJmCu8ygAAAcQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-06-29 08:53:48
(3 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
π¦πΊ
screwlooseit.com.au
2026-06-29 07:21:03
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/112.211.181.176.pldt.net
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 06:22:58
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 02:22:51.246692 2026] [security2:error] [pid 26331:tid 26331] [client 112.211.181.176:49552] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|stellabluesales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stellabluesales.com"] [uri "/xmlrpc.php"] [unique_id "akIPO-S6G6aBhof6Rdbx5gAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-28 05:49:36
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 01:49:30.352655 2026] [security2:error] [pid 5812:tid 5812] [client 112.211.181.176:58938] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|lakependoreillemobility.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lakependoreillemobility.com"] [uri "/xmlrpc.php"] [unique_id "akC16vgudWnO1iyhHX7ssQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-28 04:06:12
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 00:06:07.214756 2026] [security2:error] [pid 28644:tid 28669] [client 112.211.181.176:49352] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|atlasrecordssearch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "atlasrecordssearch.com"] [uri "/xmlrpc.php"] [unique_id "akCdr7dpi25yaqTuyP7BEQAAARI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-28 03:05:48
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.211.181.176 (112.211.181.176.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 23:05:43.245039 2026] [security2:error] [pid 21004:tid 21004] [client 112.211.181.176:53075] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.211.181.176 (+1 hits since last alert)|churchbehindthewalls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "churchbehindthewalls.com"] [uri "/xmlrpc.php"] [unique_id "akCPh-VhfY9dXUqS8ujjPwAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
cwytech
2026-06-27 09:32:59
(5 days ago)
Fleet-wide ban from the Ghostfleet π». Triggered by scenario: cwy/wordpress-xmlrpc-bf-high.
Bad Web Bot
Web App Attack