๐ซ๐ท
dynamix
2026-07-09 09:48:15
(2 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-09 08:39:23
(3 hours ago)
154.227.128.64 - - [09/Jul/2026:10:39:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ...
show more
154.227.128.64 - - [09/Jul/2026:10:39:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
154.227.128.64 - - [09/Jul/2026:10:39:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
154.227.128.64 - - [09/Jul/2026:10:39:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
154.227.128.64 - - [09/Jul/2026:10:39:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
154.227.128.64 - - [09/Jul/2026:10:39:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 06:20:01
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:19:56.985457 2026] [security2:error] [pid 12181:tid 12181] [client 154.227.128.64:1130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.227.128.64 (+1 hits since last alert)|tell-me-first.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tell-me-first.com"] [uri "/xmlrpc.php"] [unique_id "ak89jBgM2xn7VkJyDKHL1AAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 05:45:35
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 01:45:30.661419 2026] [security2:error] [pid 27341:tid 27422] [client 154.227.128.64:52772] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.227.128.64 (+1 hits since last alert)|smarterproductions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "smarterproductions.com"] [uri "/xmlrpc.php"] [unique_id "ak81esZkqJtdB0QhKm7s9wAAAg8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 17:38:52
(18 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:38:44.367086 2026] [security2:error] [pid 5667:tid 5667] [client 154.227.128.64:26446] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.227.128.64 (+1 hits since last alert)|pearlhomesfw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pearlhomesfw.com"] [uri "/xmlrpc.php"] [unique_id "ak6LJLKM3NyleV1X3B2r7AAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ญ
thaizone.com
2026-07-08 17:22:30
(19 hours ago)
Brute-forcing login against websites (D1-1) #1
Web App Attack
Hacking
๐ง๐ช
cmbplf
2026-07-08 09:34:48
(1 day ago)
6.639 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐บ๐ธ
factor1
2026-07-08 09:07:31
(1 day ago)
Fail2ban at saturn Reports Abuse.
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 08:39:54
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 04:39:49.350429 2026] [security2:error] [pid 1718:tid 1718] [client 154.227.128.64:33170] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.227.128.64 (+1 hits since last alert)|dymesich.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dymesich.com"] [uri "/xmlrpc.php"] [unique_id "ak4M1RrheVyLb17F0QP7mwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-08 08:36:06
(1 day ago)
(xmlrpc) Apache: Failed xmlrpc access from 154.227.128.64 (UG/Uganda/64-128-227-154.r.airtel.ug): 10 ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 154.227.128.64 (UG/Uganda/64-128-227-154.r.airtel.ug): 10 in the last 3600 secs (0-201)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-08 07:35:07
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 154.227.128.64 (64-128-227-154.r.airtel.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 03:34:59.472791 2026] [security2:error] [pid 27467:tid 27478] [client 154.227.128.64:3323] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.227.128.64 (+1 hits since last alert)|mtiminis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mtiminis.com"] [uri "/xmlrpc.php"] [unique_id "ak39o_cq5jPbalv17B5wUQAAAIk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-08 06:45:35
(1 day ago)
(wordpress) Failed wordpress login from 154.227.128.64 (UG/Uganda/64-128-227-154.r.airtel.ug)
Brute-Force
Anonymous
2026-07-08 05:59:48
(1 day ago)
(wordpress) Failed wordpress login from 154.227.128.64 (UG/Uganda/64-128-227-154.r.airtel.ug)
Brute-Force
๐บ๐ธ
myagent.site
2026-03-29 06:37:15
(3 months ago)
Blocking for trying to access an exploit file: /xmlrpc.php
Hacking
๐ต๐ฑ
IROK
2026-03-28 12:34:11
(3 months ago)
Malware/WebShell Scan blocked by ModSecurity
...
Hacking