๐ซ๐ฎ
YF
2026-07-08 14:30:48
(2 hours ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐ซ๐ท
dynamix
2026-07-07 20:49:57
(19 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 20:21:21
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl ...
show more
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 16:21:14.586336 2026] [security2:error] [pid 3458:tid 3458] [client 130.25.3.116:60390] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.25.3.116 (+1 hits since last alert)|feiz.church|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "feiz.church"] [uri "/xmlrpc.php"] [unique_id "ak1fugOK06THyqX5eEPPFAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TAY
2026-07-07 19:17:44
(21 hours ago)
130.25.3.116 - - [08/Jul/2026:03:17:23 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "Jetpack by W ...
show more
130.25.3.116 - - [08/Jul/2026:03:17:23 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)"
130.25.3.116 - - [08/Jul/2026:03:17:33 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "Jetpack/12.5; WordPress/6.4; http://site67058202.com"
130.25.3.116 - - [08/Jul/2026:03:17:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4396 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
๐ณ๐ฑ
Site.eu
2026-07-07 09:26:38
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-07 07:11:30
(1 day ago)
(wordpress) Failed wordpress login from 130.25.3.116 (IT/Italy/net-130-25-3-116.cust.vodafonedsl.it)
Brute-Force
๐บ๐ธ
integrantservices.com
2026-07-06 09:15:25
(2 days ago)
(wordpress) Failed wordpress login from 130.25.3.116 (IT/Italy/net-130-25-3-116.cust.vodafonedsl.it)
Brute-Force
๐ซ๐ท
masterguru
2026-07-03 15:29:50
(5 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
Anonymous
2026-07-03 07:24:00
(5 days ago)
[ns31.kdns.gr] httpd-xmlrpc-post: sites=www.galani.com.gr; logs=/var/log/httpd/domains/galani.com.gr ...
show more
[ns31.kdns.gr] httpd-xmlrpc-post: sites=www.galani.com.gr; logs=/var/log/httpd/domains/galani.com.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 05:21:37
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl ...
show more
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 01:21:29.999297 2026] [security2:error] [pid 28351:tid 28351] [client 130.25.3.116:63461] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.25.3.116 (+1 hits since last alert)|ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ideaofauniversity.website"] [uri "/xmlrpc.php"] [unique_id "akdG2YoDcpoYm9Vg8_F_gwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 02:17:38
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl ...
show more
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 22:17:32.316623 2026] [security2:error] [pid 30431:tid 30431] [client 130.25.3.116:53913] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.25.3.116 (+1 hits since last alert)|thingstodonude.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thingstodonude.com"] [uri "/xmlrpc.php"] [unique_id "akcbvNmWN1FNqIU8lFTcZgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 13:07:33
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl ...
show more
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 09:07:28.052623 2026] [security2:error] [pid 31806:tid 31806] [client 130.25.3.116:55412] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.25.3.116 (+1 hits since last alert)|kbalan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kbalan.com"] [uri "/xmlrpc.php"] [unique_id "akZikBhu0FwA3Sb6UwNEagAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 08:59:44
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl ...
show more
(mod_security) mod_security (id:240335) triggered by 130.25.3.116 (net-130-25-3-116.cust.vodafonedsl.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 04:59:38.452422 2026] [security2:error] [pid 13022:tid 13022] [client 130.25.3.116:61521] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 130.25.3.116 (+1 hits since last alert)|frogdesignmexico.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "frogdesignmexico.com"] [uri "/xmlrpc.php"] [unique_id "akYoem7SrVMeRrukxae9fQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-01 23:25:07
(6 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-07-01 22:41:30
(6 days ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack