๐บ๐ธ
cwytech
2026-07-11 09:42:30
(14 hours ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 03:36:22
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 23:36:14.692057 2026] [security2:error] [pid 8930:tid 8930] [client 14.7.9.5:53323] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|femalegamblers.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "femalegamblers.org"] [uri "/xmlrpc.php"] [unique_id "aknRLo5u_LwKgy-RK42sUQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 15:59:29
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 11:59:23.694558 2026] [security2:error] [pid 19930:tid 19930] [client 14.7.9.5:65363] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|jennyfiore.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jennyfiore.com"] [uri "/xmlrpc.php"] [unique_id "akkt25UuTK08NfPO0vEHTQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-04 07:45:48
(1 week ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐ฉ๐ช
LRob
2026-06-28 04:00:13
(1 week ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-06-28 01:46:28
(1 week ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 22:17:19
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 18:17:11.604937 2026] [security2:error] [pid 7832:tid 7832] [client 14.7.9.5:59571] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|opticasprisma.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "opticasprisma.com"] [uri "/xmlrpc.php"] [unique_id "akBL59sMI4FK1c7K_5hKGwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-27 11:31:22
(2 weeks ago)
[redacted] 14.7.9.5 - - [27/Jun/2026:13:30:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpac ...
show more
[redacted] 14.7.9.5 - - [27/Jun/2026:13:30:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
[redacted] 14.7.9.5 - - [27/Jun/2026:13:30:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.1; WordPress/6.2; http://site26479517.com"
[redacted] 14.7.9.5 - - [27/Jun/2026:13:30:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
[redacted] 14.7.9.5 - - [27/Jun/2026:13:31:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
[redacted] 14.7.9.5 - - [27/Jun/2026:13:31:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-20 09:42:45
(3 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
KR/South Korea/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 05:27:03
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 01:26:56.141100 2026] [security2:error] [pid 22354:tid 22354] [client 14.7.9.5:52071] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|redlitephotos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "redlitephotos.com"] [uri "/xmlrpc.php"] [unique_id "ajYkoIh11zvsCOCgqj5CaQAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-20 04:30:09
(3 weeks ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 03:25:12
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 23:25:06.968331 2026] [security2:error] [pid 29647:tid 29647] [client 14.7.9.5:57706] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|67ronin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "67ronin.com"] [uri "/xmlrpc.php"] [unique_id "ajYIEiDUtgSIjyUrLCo2HgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-14 07:16:25
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:225170) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 03:16:17.463646 2026] [security2:error] [pid 472:tid 472] [client 14.7.9.5:65047] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fgrotary.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fgrotary.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ai5VQR-mF8yEAleUw7M4NgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-14 06:04:41
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:04:37.949537 2026] [security2:error] [pid 19717:tid 19717] [client 14.7.9.5:18561] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|pleaseaddbacon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pleaseaddbacon.com"] [uri "/xmlrpc.php"] [unique_id "ai5EdW1Rl-XJVIRBFHhLMgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-14 03:13:58
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; ...
show more
(mod_security) mod_security (id:240335) triggered by 14.7.9.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 23:13:53.104504 2026] [security2:error] [pid 13925:tid 13925] [client 14.7.9.5:65048] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 14.7.9.5 (+1 hits since last alert)|fernfield.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fernfield.com"] [uri "/xmlrpc.php"] [unique_id "ai4ccSBiABne1mTTHh72nQAAAGI"]
show less
Brute-Force
Bad Web Bot
Web App Attack