Anonymous
2026-07-04 12:23:39
(3 days ago)
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show more
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-skip.asp
show less
Exploited Host
Bad Web Bot
π«π·
SpaceHost-Server
2026-06-30 22:37:40
(6 days ago)
Brute-Force
Web App Attack
π«π·
SpaceHost-Server
2026-06-29 22:27:19
(1 week ago)
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 11:03:10
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:02:57.583018 2026] [security2:error] [pid 20821:tid 20821] [client 126.209.16.132:63140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 126.209.16.132 (+1 hits since last alert)|kompareiq.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kompareiq.com"] [uri "/xmlrpc.php"] [unique_id "akJQ4Q4_BmHkb1XlLLPvVAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
kosada.com
2026-06-29 10:00:06
(1 week ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-06-28 10:14:08
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:13:56.172617 2026] [security2:error] [pid 7864:tid 7864] [client 126.209.16.132:24103] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 126.209.16.132 (+1 hits since last alert)|capriexpress.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "capriexpress.com"] [uri "/xmlrpc.php"] [unique_id "akDz5FD7YjEWUEhpjZNQfAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
francoisunix
2026-06-25 11:03:02
(1 week ago)
126.209.16.132 - - [25/Jun/2026:11:02:18 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.c ...
show more
126.209.16.132 - - [25/Jun/2026:11:02:18 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
126.209.16.132 - - [25/Jun/2026:11:02:28 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.5; WordPress/6.4; http://site62230910.com"
126.209.16.132 - - [25/Jun/2026:11:02:39 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0; WordPress/6.4; http://site97317179.com"
126.209.16.132 - - [25/Jun/2026:11:02:49 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.5; WordPress/6.1; http://site46498323.com"
126.209.16.132 - - [25/Jun/2026:11:03:00 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
...
show less
Web App Attack
π«π·
dynamix
2026-06-25 10:32:00
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-22 21:56:55
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:56:43.265603 2026] [security2:error] [pid 21252:tid 21252] [client 126.209.16.132:48743] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 126.209.16.132 (+1 hits since last alert)|instalatoribucuresti.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "instalatoribucuresti.com"] [uri "/xmlrpc.php"] [unique_id "ajmvm8fPp_xNjBzez9yiqAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2026-06-22 21:53:57
(2 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
π«π·
masterguru
2026-06-21 20:55:33
(2 weeks ago)
wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_UR ...
show more
wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_URI. (88520-197)
show less
Hacking
πΊπΈ
TPI-Abuse
2026-06-21 13:30:32
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 126.209.16.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:30:21.505486 2026] [security2:error] [pid 14817:tid 14817] [client 126.209.16.132:52542] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 126.209.16.132 (+1 hits since last alert)|kavahawaii.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kavahawaii.com"] [uri "/xmlrpc.php"] [unique_id "ajfnbXPiEaXmXEP0_Ae8jQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
Steve
2026-06-21 12:00:53
(2 weeks ago)
Abuse of XMLRPC
Brute-Force
Web App Attack
π©πͺ
FeG Deutschland
2026-06-21 08:35:15
(2 weeks ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 28
Exploited Host
Web App Attack
πΊπΈ
lostswordfish.com
2026-06-17 11:18:05
(2 weeks ago)
Wordfence waf block on kcuar
Web App Attack