๐ฉ๐ช
BlueWire Hosting
2026-06-28 20:25:52
(1 day ago)
Probing websites for vulnerabilities
Web App Attack
๐ฉ๐ช
Marc
2026-06-28 20:25:27
(1 day ago)
118.95.65.182 - - [28/Jun/2026:22:25:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3420 "-" "Jetpack by ...
show more
118.95.65.182 - - [28/Jun/2026:22:25:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3420 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" 118.95.65.182 - - [28/Jun/2026:22:25:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3465 "-" "Jetpack/12.5; WordPress/6.4; http://site27751161.com" 118.95.65.182 - - [28/Jun/2026:22:25:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3465 "-" "Jetpack by WordPress.com"
show less
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-06-28 19:48:06
(1 day ago)
(xmlrpc) Failed xmlrpc access from 118.95.65.182 (IN/India/segment-95-118.sify.net): 5 in the last 3 ...
show more
(xmlrpc) Failed xmlrpc access from 118.95.65.182 (IN/India/segment-95-118.sify.net): 5 in the last 3600 secs (0-122)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-28 19:47:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in t ...
show more
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 15:47:28.993444 2026] [security2:error] [pid 14457:tid 14457] [client 118.95.65.182:60594] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.95.65.182 (+1 hits since last alert)|josephshv.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "josephshv.com"] [uri "/xmlrpc.php"] [unique_id "akF6UPCQq7wQCvaP1LdE4wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-28 19:13:44
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-06-28 18:42:03
(1 day ago)
Wordfence waf block on jestrellafoundation
Web App Attack
๐ฒ๐พ
Rizzy
2026-06-28 18:12:20
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ช๐ธ
SweetHoneyPress
2026-06-28 15:53:21
(1 day ago)
WordPress honeypot: POST to /xmlrpc.php | event_id=888216 | UA: Jetpack by WordPress.com
Web App Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-28 15:43:24
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in t ...
show more
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 11:43:18.297344 2026] [security2:error] [pid 15793:tid 15793] [client 118.95.65.182:58163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.95.65.182 (+1 hits since last alert)|clayrivers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "clayrivers.com"] [uri "/xmlrpc.php"] [unique_id "akFBFntSF5rQb_dwTxTrGQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
SweetHoneyPress
2026-06-28 15:38:14
(1 day ago)
WordPress honeypot: POST to /xmlrpc.php | event_id=881888 | UA: Jetpack by WordPress.com (Jetpack 12 ...
show more
WordPress honeypot: POST to /xmlrpc.php | event_id=881888 | UA: Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)
show less
Web App Attack
Brute-Force
๐ซ๐ท
francoisunix
2026-06-28 15:08:03
(1 day ago)
118.95.65.182 - - [28/Jun/2026:15:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.1 ...
show more
118.95.65.182 - - [28/Jun/2026:15:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.1; WordPress/6.4; http://site36105132.com"
118.95.65.182 - - [28/Jun/2026:15:07:30 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
118.95.65.182 - - [28/Jun/2026:15:07:40 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
118.95.65.182 - - [28/Jun/2026:15:07:51 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
118.95.65.182 - - [28/Jun/2026:15:08:02 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0; WordPress/6.2; http://site28828986.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 14:08:48
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in t ...
show more
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:08:45.504665 2026] [security2:error] [pid 980:tid 980] [client 118.95.65.182:50157] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.95.65.182 (+1 hits since last alert)|blacktieokc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "blacktieokc.com"] [uri "/xmlrpc.php"] [unique_id "akEq7SZLwyR8VqgRAtph8QAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-28 13:07:19
(1 day ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-28 12:05:24
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in t ...
show more
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (segment-95-118.sify.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 08:05:20.275399 2026] [security2:error] [pid 24716:tid 24716] [client 118.95.65.182:55358] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.95.65.182 (+1 hits since last alert)|fgrotary.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fgrotary.org"] [uri "/xmlrpc.php"] [unique_id "akEOABYJbFEE3Pyv0ZVF5gAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 16:48:27
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (retail.dynamic.sify.net): 1 in t ...
show more
(mod_security) mod_security (id:240335) triggered by 118.95.65.182 (retail.dynamic.sify.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 12:48:20.222789 2026] [security2:error] [pid 29700:tid 29700] [client 118.95.65.182:63158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 118.95.65.182 (+1 hits since last alert)|nypatriotcards.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nypatriotcards.com"] [uri "/xmlrpc.php"] [unique_id "aj_-1CHs58VmhdjY_FMPngAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack