๐ฉ๐ช
LRob
2026-07-13 00:52:27
(1 hour ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)","Jetpack/12.5; WordPress/6.3; http://site33821174.com","Jetpack/1
show less
Brute-Force
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-12 20:34:41
(5 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 20:05:55
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink. ...
show more
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 16:05:48.303203 2026] [security2:error] [pid 18105:tid 18105] [client 145.224.123.15:26919] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 145.224.123.15 (+1 hits since last alert)|hookedupfishing.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hookedupfishing.net"] [uri "/xmlrpc.php"] [unique_id "alPznMBjot_JTRpEghmgBwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-12 17:01:49
(8 hours ago)
(xmlrpc) Apache: Failed xmlrpc access from 145.224.123.15 (UA/Ukraine/customer.wrswpol1.isp.starlink ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 145.224.123.15 (UA/Ukraine/customer.wrswpol1.isp.starlink.com): 10 in the last 3600 secs (0-201)
show less
Hacking
Anonymous
2026-07-12 14:27:14
(11 hours ago)
[redacted] 145.224.123.15 - - [12/Jul/2026:16:26:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 145.224.123.15 - - [12/Jul/2026:16:26:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
[redacted] 145.224.123.15 - - [12/Jul/2026:16:26:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 145.224.123.15 - - [12/Jul/2026:16:26:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 145.224.123.15 - - [12/Jul/2026:16:27:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site41059426.com"
[redacted] 145.224.123.15 - - [12/Jul/2026:16:27:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 13:16:49
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink. ...
show more
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 09:16:42.613041 2026] [security2:error] [pid 29892:tid 29892] [client 145.224.123.15:56766] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 145.224.123.15 (+1 hits since last alert)|ospectra.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ospectra.com"] [uri "/xmlrpc.php"] [unique_id "alOTunTt-omfp4LkeY4l-gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-12 09:41:04
(16 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; ht ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; https://wordpress.com","Jetpack/13.0; WordPress/6.4; http://site62636518.com","Jetpack/12.0; WordPress/6.3; http://site15001488.com",
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 09:10:12
(16 hours ago)
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink. ...
show more
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 05:10:06.270134 2026] [security2:error] [pid 18003:tid 18003] [client 145.224.123.15:65400] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 145.224.123.15 (+1 hits since last alert)|reyadecostarica.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reyadecostarica.com"] [uri "/xmlrpc.php"] [unique_id "alNZ7iDxxpFV1OQKCazYSQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
middelkoopcc
2026-07-12 08:45:06
(17 hours ago)
2026-07-12 10:36:50 WordPress login error from 145.224.123.15: invalid_username && 2026-07-12 10:37: ...
show more
2026-07-12 10:36:50 WordPress login error from 145.224.123.15: invalid_username && 2026-07-12 10:37:00 WordPress login error from 145.224.123.15: invalid_username && 2026-07-12 10:37:11 WordPress login error from 145.224.123.15: invalid_username && 43 more within 20 minutes
show less
Brute-Force
Anonymous
2026-07-12 08:10:30
(17 hours ago)
[ns65.kdns.gr] httpd-xmlrpc-post: sites=www.inagia.gr; logs=/var/log/httpd/domains/inagia.gr.log; sa ...
show more
[ns65.kdns.gr] httpd-xmlrpc-post: sites=www.inagia.gr; logs=/var/log/httpd/domains/inagia.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
BlueWire Hosting
2026-07-12 07:37:17
(18 hours ago)
Wordpress brute force attempt
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-12 07:05:12
(18 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 06:36:55
(19 hours ago)
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink. ...
show more
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 02:36:48.359537 2026] [security2:error] [pid 7555:tid 7555] [client 145.224.123.15:63569] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 145.224.123.15 (+1 hits since last alert)|superzilla.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "superzilla.com"] [uri "/xmlrpc.php"] [unique_id "alM2AH-BuieRweqdrX3zfwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 06:08:12
(19 hours ago)
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink. ...
show more
(mod_security) mod_security (id:240335) triggered by 145.224.123.15 (customer.wrswpol1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 02:08:04.443599 2026] [security2:error] [pid 27921:tid 27921] [client 145.224.123.15:58922] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 145.224.123.15 (+1 hits since last alert)|studiopilates.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "studiopilates.net"] [uri "/xmlrpc.php"] [unique_id "alMvRLzG0oKC8j7fn86gxAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
gui-ying233
2026-01-29 01:47:42
(5 months ago)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Sa ...
show more
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
show less
Bad Web Bot