๐บ๐ธ
Jason Howell
2025-10-06 00:28:28
(8 months ago)
154.213.193.213 - - [05/Oct/2025:19:28:09 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5 ...
show more
154.213.193.213 - - [05/Oct/2025:19:28:09 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (SMART-TV; X11; Linux i686) AppleWebKit/535.20+ (KHTML, like Gecko) Version/5.0 Safari/535.20+"
154.213.193.213 - - [05/Oct/2025:19:28:18 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5"
154.213.193.213 - - [05/Oct/2025:19:28:21 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11"
154.213.193.213 - - [05/Oct/2025:19:28:23 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3294 "-" "Mozilla/5.0 (Linux; Android 6.0; DIG-L03 Build/HUAWEIDIG-L03) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36"
154.213.193.213 - - [05/Oct/2025:19:28:27 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 lik
...
show less
Web App Attack
๐ณ๐ฑ
applemooz
2025-10-05 09:42:30
(8 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐บ๐ธ
WeekendWeb
2025-10-04 11:10:53
(8 months ago)
Wordpress Vunerability attack
Web App Attack
Anonymous
2025-09-30 16:35:37
(9 months ago)
[redacted] 154.213.193.213 - - [30/Sep/2025:18:35:18 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" ...
show more
[redacted] 154.213.193.213 - - [30/Sep/2025:18:35:18 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; FunWebProducts)"
[redacted] 154.213.193.213 - - [30/Sep/2025:18:35:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Linux; Android 6.0; MYA-L23 Build/HUAWEIMYA-L23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36"
[redacted] 154.213.193.213 - - [30/Sep/2025:18:35:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
[redacted] 154.213.193.213 - - [30/Sep/2025:18:35:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)"
[redacted] 154.213.193.213 - - [30/Sep/2025:18:35:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 449 "-" "Mozilla/5.0 (Linux; Android 8.0.0; SM-J600G Build/R16NW)
...
show less
Hacking
Web App Attack
๐ฉ๐ช
applemooz
2025-09-27 00:47:50
(9 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
Anonymous
2025-09-25 17:10:40
(9 months ago)
Bad Web Bot
Web App Attack
๐ฉ๐ช
Marc
2025-09-12 02:46:42
(9 months ago)
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-09-11 14:22:20
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 10:22:14.193969 2025] [security2:error] [pid 31383:tid 31383] [client 154.213.193.213:58617] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.application.oxfordgliding.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aMLbFo9hAsoPPgvNQLx2_wAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-10 13:59:08
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 09:59:05.012468 2025] [security2:error] [pid 29724:tid 29724] [client 154.213.193.213:40675] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kistner.us|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kistner.us"] [uri "/s3cmd.ini"] [unique_id "aMGEKXfqWpMYt4DbJPAxIwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-10 12:01:31
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 08:01:26.994234 2025] [security2:error] [pid 20240:tid 20240] [client 154.213.193.213:18481] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ken-parker.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ken-parker.com"] [uri "/s3cmd.ini"] [unique_id "aMFollAEC_jfbI0NYffRhQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-10 05:12:42
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 01:12:39.075537 2025] [security2:error] [pid 18142:tid 18142] [client 154.213.193.213:57907] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.canadagreenrecycling.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.canadagreenrecycling.com"] [uri "/s3cmd.ini"] [unique_id "aMEIx6xEXvz7Qm2QoSPLCgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
bsoft.de
2025-09-08 02:46:51
(9 months ago)
154.213.193.213 - - [08/Sep/2025:04:15:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5. ...
show more
154.213.193.213 - - [08/Sep/2025:04:15:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Linux; Android 7.0; Moto C Build/NRD90M.059) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36"
154.213.193.213 - - [08/Sep/2025:04:31:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
154.213.193.213 - - [08/Sep/2025:04:46:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4"
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-07 12:41:27
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 154.213.193.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 07 08:41:24.233800 2025] [security2:error] [pid 17938:tid 17938] [client 154.213.193.213:13117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.chassell.info"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aL19dCf5mJtzJFoU2vk9RgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-01 06:13:13
(9 months ago)
[Mon Sep 01 08:12:41.386175 2025] [authz_core:error] [pid 3453] [client 154.213.193.213:10503] AH016 ...
show more
[Mon Sep 01 08:12:41.386175 2025] [authz_core:error] [pid 3453] [client 154.213.193.213:10503] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Mon Sep 01 08:12:56.756378 2025] [authz_core:error] [pid 17734] [client 154.213.193.213:14279] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Mon Sep 01 08:13:12.745962 2025] [authz_core:error] [pid 3453] [client 154.213.193.213:36615] AH01630: client denied by server configuration: /etc/httpd/htdocs
...
show less
Web App Attack
Anonymous
2025-07-21 16:00:29
(11 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH