๐ฉ๐ช
F242
2026-06-29 14:46:51
(4 hours ago)
Wordpress Login or XMLRPC abuse
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 14:19:00
(4 hours ago)
(mod_security) mod_security (id:240335) triggered by 150.228.11.47 (customer.frntdeu1.isp.starlink.c ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.11.47 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 10:18:54.450893 2026] [security2:error] [pid 23960:tid 23960] [client 150.228.11.47:61045] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.11.47 (+1 hits since last alert)|waterspell.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterspell.net"] [uri "/xmlrpc.php"] [unique_id "akJ-zqzeaJ658TrYYVIfUAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-29 11:36:57
(7 hours ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-29 10:05:04
(8 hours ago)
(mod_security) mod_security (id:240335) triggered by 150.228.11.47 (customer.frntdeu1.isp.starlink.c ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.11.47 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 06:04:54.817538 2026] [security2:error] [pid 5823:tid 5877] [client 150.228.11.47:54248] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.11.47 (+1 hits since last alert)|cynosureinternetservices.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cynosureinternetservices.com"] [uri "/xmlrpc.php"] [unique_id "akJDRsjuJvZ7Sd1kdQVhQQAAAEw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 10:03:37
(8 hours ago)
[redacted] 150.228.11.47 - - [29/Jun/2026:12:02:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ...
show more
[redacted] 150.228.11.47 - - [29/Jun/2026:12:02:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
[redacted] 150.228.11.47 - - [29/Jun/2026:12:03:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
[redacted] 150.228.11.47 - - [29/Jun/2026:12:03:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
[redacted] 150.228.11.47 - - [29/Jun/2026:12:03:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.3; http://site17763984.com"
[redacted] 150.228.11.47 - - [29/Jun/2026:12:03:36 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
...
show less
Hacking
Web App Attack
๐บ๐ธ
cwytech
2026-06-29 10:02:39
(8 hours ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-06-29 04:44:33
(14 hours ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ฉ๐ช
rh24
2026-06-28 10:20:24
(1 day ago)
(wordpress) Failed wordpress login from 150.228.11.47 (YE/Yemen/customer.frntdeu1.isp.starlink.com)
Brute-Force
๐บ๐ธ
integrantservices.com
2026-06-28 08:45:42
(1 day ago)
(wordpress) Failed wordpress login from 150.228.11.47 (YE/Yemen/customer.frntdeu1.isp.starlink.com)
Brute-Force
๐ฆ๐บ
screwlooseit.com.au
2026-06-28 08:45:19
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/customer.frntdeu1.isp.starlink.com
Web App Attack
๐ฑ๐ป
garmtech.com
2026-06-28 04:18:27
(1 day ago)
IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 07:48:45
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.228.11.47 (customer.frntdeu1.isp.starlink.c ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.11.47 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 03:48:41.103031 2026] [security2:error] [pid 25257:tid 25257] [client 150.228.11.47:35640] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.11.47 (+1 hits since last alert)|d-sinema.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "d-sinema.com"] [uri "/xmlrpc.php"] [unique_id "aj-AWftlzOFAmCa95J7clgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-27 06:02:27
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-06-27 00:39:31
(2 days ago)
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=nbmedical.gr; logs=/var/log/httpd/domains/nbmedical.gr.log; ...
show more
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=nbmedical.gr; logs=/var/log/httpd/domains/nbmedical.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack