๐บ๐ธ
bigwavedave
2026-07-10 06:41:48
(53 minutes ago)
Wordpress Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 04:55:51
(2 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 00:55:46.496714 2026] [security2:error] [pid 17508:tid 17508] [client 157.20.138.59:63143] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.20.138.59 (+1 hits since last alert)|pearlhomesfw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pearlhomesfw.com"] [uri "/xmlrpc.php"] [unique_id "alB7UsVTGf3ZRPNXwneYYQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-10 04:35:18
(2 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)","Jetpack by WordPress.com","Jetpack/12.1; WordPress/6.4; http://site71059679.com","Jetpack/1
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 04:03:12
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 00:03:06.677823 2026] [security2:error] [pid 17625:tid 17625] [client 157.20.138.59:56172] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.20.138.59 (+1 hits since last alert)|rodzillacharters.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodzillacharters.com"] [uri "/xmlrpc.php"] [unique_id "alBu-i5oLzf46sTeUN0-nwAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-10 03:53:52
(3 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-10 02:41:30
(4 hours ago)
[web.zebs.ch] httpd-xmlrpc-post: sites=www.swisscybertech.ch; logs=/var/log/httpd/domains/swisscyber ...
show more
[web.zebs.ch] httpd-xmlrpc-post: sites=www.swisscybertech.ch; logs=/var/log/httpd/domains/swisscybertech.ch.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 01:51:22
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 21:51:19.230916 2026] [security2:error] [pid 27305:tid 27305] [client 157.20.138.59:51883] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.20.138.59 (+1 hits since last alert)|iplantotravel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iplantotravel.com"] [uri "/xmlrpc.php"] [unique_id "alBQFyISS2OlM1E29mn9TwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 01:32:50
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 21:32:46.484325 2026] [security2:error] [pid 921:tid 921] [client 157.20.138.59:60815] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.20.138.59 (+1 hits since last alert)|oowoah.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "oowoah.com"] [uri "/xmlrpc.php"] [unique_id "alBLvijAZ3PgerHGKE6CGgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
rh24
2026-07-10 00:16:58
(7 hours ago)
(wordpress) Failed wordpress login from 157.20.138.59 (IN/India/-): (CF_ENABLE)
Brute-Force
๐บ๐ธ
IndigoRidge
2026-07-09 22:45:07
(8 hours ago)
157.20.138.59 - - [09/Jul/2026:18:44:25 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5242 "-" "Jetpack by ...
show more
157.20.138.59 - - [09/Jul/2026:18:44:25 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5242 "-" "Jetpack by WordPress.com"
157.20.138.59 - - [09/Jul/2026:18:44:35 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5242 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
157.20.138.59 - - [09/Jul/2026:18:44:46 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5242 "-" "WordPress.com; https://wordpress.com"
157.20.138.59 - - [09/Jul/2026:18:44:56 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5242 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
157.20.138.59 - - [09/Jul/2026:18:45:07 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5242 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
...
show less
Web App Attack
๐ซ๐ท
Lunix
2026-07-09 20:21:05
(11 hours ago)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 16:22:12
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.20.138.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 12:22:09.474409 2026] [security2:error] [pid 1415:tid 1415] [client 157.20.138.59:50701] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.20.138.59 (+1 hits since last alert)|produktives.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "produktives.com"] [uri "/xmlrpc.php"] [unique_id "ak_KsSowwN1-bYoWhnM13wAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-07-09 15:48:49
(15 hours ago)
(xmlrpc) Failed xmlrpc access from 157.20.138.59 (IN/India/-): 5 in the last 3600 secs (0-122)
Hacking
๐ฆ๐บ
screwlooseit.com.au
2026-07-09 14:24:45
(17 hours ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
๐ณ๐ฑ
debestelapp
2026-07-09 14:20:05
(17 hours ago)
Web App Attack