๐ณ๐ฑ
Roderic
2026-07-13 23:32:16
(5 days ago)
(apache_scanners-2) Failed apache-scanners trigger with match [redacted])
Port Scan
๐บ๐ธ
kosada.com
2026-07-13 23:09:47
(5 days ago)
Web exploit attempt: <methodCall>x0a <methodName>wp.getUsersBlogs</methodName>x0a <params>x0a < ...
show more
Web exploit attempt: <methodCall>x0a <methodName>wp.getUsersBlogs</methodName>x0a <params>x0a <param>x0a <value><string>admin</string></value>x0a </param>x0a <param>x0a <value><string>pass</string></value>x0a </param>x0a </params>x0a</methodCall>
show less
Web App Attack
๐ฉ๐ฐ
ScamAware
2026-07-13 23:01:42
(5 days ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: bad_bot_scanner (Bad bot ...
show more
Detected by Cloudflare Security Events via WordPress automation. Detection: bad_bot_scanner (Bad bot / scanner behavior). Hits from same IP in last 60 minutes: 1. Unique request paths counted internally: 1. Cloudflare action: managed_challenge. Cloudflare source: botFight.
show less
Bad Web Bot
๐ฉ๐ช
Hazzard
2026-07-13 23:01:17
(5 days ago)
(wordpress) Failed wordpress login from 130.131.55.224 (US/United States/Illinois/Chicago/-/[redacte ...
show more
(wordpress) Failed wordpress login from 130.131.55.224 (US/United States/Illinois/Chicago/-/[redacted]): (CF_ENABLE)
show less
Brute-Force
๐ฉ๐ช
LRob
2026-07-13 22:55:41
(5 days ago)
CrowdSec: lrob/wp-xmlrpc-bf | req: /blog/xmlrpc.php | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...
show more
CrowdSec: lrob/wp-xmlrpc-bf | req: /blog/xmlrpc.php | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 22:38:32
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 130.131.55.224 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 130.131.55.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 18:38:28.145145 2026] [security2:error] [pid 18862:tid 18862] [client 130.131.55.224:23887] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.131.55.224 (+1 hits since last alert)|realtorpaul.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "realtorpaul.com"] [uri "/blog/xmlrpc.php"] [unique_id "alVo5DNDS_Zs8KdQUkl2ngAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-13 22:33:21
(5 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-193)
Hacking
๐ณ๐ด
jad-abuse
2026-07-13 22:21:32
(5 days ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. O ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 1 hits.
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 22:02:41
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 130.131.55.224 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 130.131.55.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 18:02:36.978618 2026] [security2:error] [pid 5131:tid 5184] [client 130.131.55.224:24020] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.131.55.224 (+1 hits since last alert)|annefraser.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "annefraser.com"] [uri "/blog/xmlrpc.php"] [unique_id "alVgfFasG9bviBn4oYHw0AAAAI0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐น
Malta
2026-07-13 21:58:22
(5 days ago)
130.131.55.224 - - [13/Jul/2026:23:58:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ...
show more
130.131.55.224 - - [13/Jul/2026:23:58:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
๐ฉ๐ช
big-cloud.nl
2026-07-13 21:35:40
(5 days ago)
Try to access /blog/xmlrpc.php
Web App Attack
๐บ๐ธ
interbiznw.com
2026-07-13 21:35:21
(5 days ago)
malicious-web-requests-vulnerability-scanning
Hacking
Brute-Force
Exploited Host
Web App Attack
๐ฉ๐ช
maxpower
2026-07-13 21:30:09
(5 days ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 130.131.55.224 (US/United States/-): 1 in the ...
show more
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 130.131.55.224 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 130.131.55.224 - - [13/Jul/2026:23:29:55 +0200] "POST /blog/xmlrpc.php HTTP/1.1" 404 156957 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-13 21:20:52
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 130.131.55.224 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 130.131.55.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 17:20:47.477409 2026] [security2:error] [pid 8439:tid 8439] [client 130.131.55.224:25198] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.131.55.224 (+1 hits since last alert)|goldenanniversarynapkins.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "goldenanniversarynapkins.com"] [uri "/blog/xmlrpc.php"] [unique_id "alVWr4LIAFojSiLfKf5bpgAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-13 21:16:07
(5 days ago)
[MonJul1323:16:05.2207292026][security2:error][pid682076:tid682086][client130.131.55.224:0]ModSecuri ...
show more
[MonJul1323:16:05.2207292026][security2:error][pid682076:tid682086][client130.131.55.224:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"asw-sa.com\"][uri\"/blog/xmlrpc.php\"][unique_id\"alVVlW4Q66tZsUNQ61QTJgAAAEc\"]
show less
Port Scan
Brute-Force
Web App Attack