๐ฉ๐ช
big-cloud.nl
2026-07-03 21:56:06
(1 day ago)
Try to access /xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 13:11:29
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 09:11:23.234471 2026] [security2:error] [pid 14965:tid 15086] [client 138.84.66.122:57771] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.84.66.122 (+1 hits since last alert)|busybeerestaurant.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "busybeerestaurant.com"] [uri "/xmlrpc.php"] [unique_id "ake0-3lbcs6flu47iYEjGgAAAM4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-02 22:08:53
(2 days ago)
(wordpress) Failed wordpress login from 138.84.66.122 (PH/Philippines/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-02 18:33:35
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 14:33:30.657167 2026] [security2:error] [pid 18183:tid 18183] [client 138.84.66.122:56592] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.84.66.122 (+1 hits since last alert)|feiz.church|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "feiz.church"] [uri "/xmlrpc.php"] [unique_id "akau-r7h0O3HWCRJJqcSewAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-02 00:37:10
(2 days ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-01 20:46:18
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 16:46:14.373386 2026] [security2:error] [pid 23142:tid 23142] [client 138.84.66.122:18931] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.84.66.122 (+1 hits since last alert)|techoutletec.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "techoutletec.com"] [uri "/xmlrpc.php"] [unique_id "akV8lscKsH3O2gYI9o4WGgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TAY
2026-06-29 19:49:22
(5 days ago)
138.84.66.122 - - [30/Jun/2026:03:49:00 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack by ...
show more
138.84.66.122 - - [30/Jun/2026:03:49:00 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack by WordPress.com"
138.84.66.122 - - [30/Jun/2026:03:49:11 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack/12.1; WordPress/6.1; http://site80632634.com"
138.84.66.122 - - [30/Jun/2026:03:49:22 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack/12.1; WordPress/6.3; http://site63756973.com"
...
show less
Brute-Force
๐ซ๐ท
dynamix
2026-06-27 20:05:42
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-06-27 17:33:10
(1 week ago)
Attac
Brute-Force
Anonymous
2026-06-26 14:24:37
(1 week ago)
[redacted] 138.84.66.122 - - [26/Jun/2026:16:23:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "W ...
show more
[redacted] 138.84.66.122 - - [26/Jun/2026:16:23:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 138.84.66.122 - - [26/Jun/2026:16:24:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 138.84.66.122 - - [26/Jun/2026:16:24:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.3; http://site36757041.com"
[redacted] 138.84.66.122 - - [26/Jun/2026:16:24:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
[redacted] 138.84.66.122 - - [26/Jun/2026:16:24:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐ซ๐ท
dynamix
2026-06-22 20:06:30
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 23:12:42
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:12:38.057807 2026] [security2:error] [pid 32422:tid 32422] [client 138.84.66.122:45279] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.84.66.122 (+1 hits since last alert)|caymancline.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caymancline.com"] [uri "/xmlrpc.php"] [unique_id "ajR7ZhevnD2GC_BFZFDOWwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-15 22:40:25
(2 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ธ๐ช
vaia.cloud
2026-06-15 21:50:08
(2 weeks ago)
trying wp-login.php/xmlrpc.php 34 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 21:04:53
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 138.84.66.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 17:04:48.547643 2026] [security2:error] [pid 16729:tid 16729] [client 138.84.66.122:63804] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 138.84.66.122 (+1 hits since last alert)|roguetechtalks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechtalks.com"] [uri "/xmlrpc.php"] [unique_id "ajBo8Fja4d-yb-RcZKxS7AAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack