๐ฉ๐ช
burlacu.org
2026-07-16 09:15:02
(21 hours ago)
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 24 requests. Blocked ...
show more
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 24 requests. Blocked automatically.
show less
Web App Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-16 07:40:09
(22 hours ago)
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:40:04.977488 2026] [security2:error] [pid 14129:tid 14129] [client 123.231.62.209:57798] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 123.231.62.209 (+1 hits since last alert)|suswastima.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "suswastima.com"] [uri "/xmlrpc.php"] [unique_id "aliK1NYyS60FXdG3i6emOQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 06:25:46
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 02:25:39.903942 2026] [security2:error] [pid 2016228:tid 2016228] [client 123.231.62.209:61486] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 123.231.62.209 (+1 hits since last alert)|daisydoesoap.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "daisydoesoap.com"] [uri "/xmlrpc.php"] [unique_id "alcn48cYAeQ-qbEAg1Z0oAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 05:30:23
(2 days ago)
[redacted] 123.231.62.209 - - [15/Jul/2026:07:29:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 123.231.62.209 - - [15/Jul/2026:07:29:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 123.231.62.209 - - [15/Jul/2026:07:29:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 123.231.62.209 - - [15/Jul/2026:07:30:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site98791983.com"
[redacted] 123.231.62.209 - - [15/Jul/2026:07:30:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.2; http://site61753005.com"
[redacted] 123.231.62.209 - - [15/Jul/2026:07:30:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐ซ๐ท
applemooz
2026-07-15 03:01:20
(2 days ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 15:05:46
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:05:41.338980 2026] [security2:error] [pid 23733:tid 23733] [client 123.231.62.209:64254] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 123.231.62.209 (+1 hits since last alert)|bikinitweets.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bikinitweets.com"] [uri "/xmlrpc.php"] [unique_id "alZQRcBi25Wc0V5CW5aA0AAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 11:18:46
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 07:18:42.394729 2026] [security2:error] [pid 968:tid 991] [client 123.231.62.209:54503] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 123.231.62.209 (+1 hits since last alert)|cynosureinternetservices.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cynosureinternetservices.com"] [uri "/xmlrpc.php"] [unique_id "alYbEtnW6enhDbzjQHN2aAAAANU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 08:52:19
(2 days ago)
WordPress Brute Force
Brute-Force
๐ซ๐ฎ
YF
2026-07-14 04:30:33
(3 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐ฆ๐บ
screwlooseit.com.au
2026-07-13 10:54:51
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
LK/Sri Lanka/-
Web App Attack
๐ซ๐ท
Yepngo
2026-07-13 09:34:49
(3 days ago)
123.231.62.209 - - [13/Jul/2026:11:27:35 +0200] "POST /xmlrpc.php HTTP/2.0" 200 410 "-" "Jetpack/13. ...
show more
123.231.62.209 - - [13/Jul/2026:11:27:35 +0200] "POST /xmlrpc.php HTTP/2.0" 200 410 "-" "Jetpack/13.0; WordPress/6.3; http://site11054537.com"
123.231.62.209 - - [13/Jul/2026:11:34:48 +0200] "POST /xmlrpc.php HTTP/2.0" 200 410 "-" "Jetpack/13.0; WordPress/6.4; http://site75842873.com"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 03:52:59
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 123.231.62.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 23:52:53.431960 2026] [security2:error] [pid 19900:tid 19900] [client 123.231.62.209:64661] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 123.231.62.209 (+1 hits since last alert)|wpcoc.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wpcoc.org"] [uri "/xmlrpc.php"] [unique_id "aizUFYx1QNTO1_bm4RkJIwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack