Anonymous
2026-07-01 13:22:00
(1 week ago)
122.161.48.21 - - [01/Jul/2026:15:21:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack by W ...
show more
122.161.48.21 - - [01/Jul/2026:15:21:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
122.161.48.21 - - [01/Jul/2026:15:21:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
122.161.48.21 - - [01/Jul/2026:15:21:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
122.161.48.21 - - [01/Jul/2026:15:21:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
122.161.48.21 - - [01/Jul/2026:15:21:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
rh24
2026-07-01 13:12:36
(1 week ago)
(wordpress) Failed wordpress login from 122.161.48.21 (IN/India/abts-north-dynamic-021.48.161.122.ai ...
show more
(wordpress) Failed wordpress login from 122.161.48.21 (IN/India/abts-north-dynamic-021.48.161.122.airtelbroadband.in): (CF_ENABLE)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-01 11:59:40
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.12 ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 07:59:33.809799 2026] [security2:error] [pid 1564:tid 1564] [client 122.161.48.21:9751] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.48.21 (+1 hits since last alert)|pastorjohndunning.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pastorjohndunning.com"] [uri "/xmlrpc.php"] [unique_id "akUBJVyTJC4nqsG18MweRAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-01 10:27:12
(1 week ago)
(wordpress) Failed wordpress login from 122.161.48.21 (IN/India/abts-north-dynamic-021.48.161.122.ai ...
show more
(wordpress) Failed wordpress login from 122.161.48.21 (IN/India/abts-north-dynamic-021.48.161.122.airtelbroadband.in)
show less
Brute-Force
Anonymous
2026-07-01 09:07:03
(1 week ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ซ๐ท
masterguru
2026-07-01 06:10:39
(1 week ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-30 13:40:02
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.12 ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 09:39:55.138340 2026] [security2:error] [pid 17136:tid 17136] [client 122.161.48.21:18792] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.48.21 (+1 hits since last alert)|gracebaptisthartsville.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gracebaptisthartsville.com"] [uri "/xmlrpc.php"] [unique_id "akPHK2x0IKhynglZRcZz6QAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-30 13:27:23
(1 week ago)
122.161.48.21 - - [30/Jun/2026:15:27:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "WordPress.c ...
show more
122.161.48.21 - - [30/Jun/2026:15:27:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "WordPress.com; https://wordpress.com"
122.161.48.21 - - [30/Jun/2026:15:27:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com"
122.161.48.21 - - [30/Jun/2026:15:27:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "WordPress.com; https://wordpress.com"
show less
Hacking
Web App Attack
๐ช๐ธ
alferez
2026-06-30 13:16:21
(1 week ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-30 13:11:59
(1 week ago)
122.161.48.21 - - [30/Jun/2026:15:11:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by ...
show more
122.161.48.21 - - [30/Jun/2026:15:11:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
122.161.48.21 - - [30/Jun/2026:15:11:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
122.161.48.21 - - [30/Jun/2026:15:11:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com"
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 12:29:15
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.12 ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:29:11.900434 2026] [security2:error] [pid 4402:tid 4402] [client 122.161.48.21:18003] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.48.21 (+1 hits since last alert)|centrodentalsindolor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "centrodentalsindolor.com"] [uri "/xmlrpc.php"] [unique_id "akO2l1EEjmqIVmPXl7yI1wAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 11:56:54
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.12 ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 07:56:49.534916 2026] [security2:error] [pid 25823:tid 25823] [client 122.161.48.21:26850] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.48.21 (+1 hits since last alert)|fatcaverecords.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fatcaverecords.com"] [uri "/xmlrpc.php"] [unique_id "akOvAVMtSdO9EinqA0grmwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-30 11:22:54
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 10:32:29
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.12 ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:32:25.840120 2026] [security2:error] [pid 13565:tid 13635] [client 122.161.48.21:28830] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.48.21 (+1 hits since last alert)|tnccivic.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tnccivic.org"] [uri "/xmlrpc.php"] [unique_id "akObOQCblgf8xXh_yMU4qAAAAcw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 09:32:14
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.12 ...
show more
(mod_security) mod_security (id:240335) triggered by 122.161.48.21 (abts-north-dynamic-021.48.161.122.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 05:32:09.210385 2026] [security2:error] [pid 3448:tid 3448] [client 122.161.48.21:32950] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 122.161.48.21 (+1 hits since last alert)|naturalacu.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "naturalacu.com"] [uri "/xmlrpc.php"] [unique_id "akONGRRtuI0BEibMoNOcfgAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack