๐ซ๐ท
dynamix
2026-07-13 15:48:50
(19 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-13 14:47:44
(20 hours ago)
[redacted] 157.85.211.39 - - [13/Jul/2026:16:46:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "W ...
show more
[redacted] 157.85.211.39 - - [13/Jul/2026:16:46:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com"
[redacted] 157.85.211.39 - - [13/Jul/2026:16:47:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)"
[redacted] 157.85.211.39 - - [13/Jul/2026:16:47:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack/12.1; WordPress/6.3; http://site18326450.com"
[redacted] 157.85.211.39 - - [13/Jul/2026:16:47:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com"
[redacted] 157.85.211.39 - - [13/Jul/2026:16:47:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
[redacted] 157.85.211.39 - - [13/Jul/2026:16:47:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com"
[redacted] 157.85.211.39 - - [13/Jul/2026:16:47:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com"
h
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 14:22:12
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.85.211.39 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.85.211.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 10:22:07.432526 2026] [security2:error] [pid 3967:tid 3967] [client 157.85.211.39:24004] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.211.39 (+1 hits since last alert)|dwightbrown.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dwightbrown.com"] [uri "/xmlrpc.php"] [unique_id "alT0j4WN44sUMit7cb1P0wAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 11:45:41
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.85.211.39 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.85.211.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 07:45:37.989674 2026] [security2:error] [pid 18378:tid 18378] [client 157.85.211.39:21086] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.211.39 (+1 hits since last alert)|casapapayasanmiguel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "casapapayasanmiguel.com"] [uri "/xmlrpc.php"] [unique_id "alTP4WzOlnxMnvi_6vGCXgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 10:43:18
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 157.85.211.39 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 157.85.211.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 06:43:11.917326 2026] [security2:error] [pid 13790:tid 13790] [client 157.85.211.39:24856] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.211.39 (+1 hits since last alert)|oogeothermal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "oogeothermal.com"] [uri "/xmlrpc.php"] [unique_id "alTBP4pesUvD019jGFYX7gAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
sockominfo
2026-04-29 20:00:40
(2 months ago)
User login to application during non-business hours. Threat Score: 6.4/10 (MEDIUM). Confidence: 40%. ...
show more
User login to application during non-business hours. Threat Score: 6.4/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 4.6/10 (Medium). CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 87%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
show less
Hacking
Web App Attack
๐ฎ๐ฉ
sockominfo
2026-04-29 19:00:13
(2 months ago)
User login to application during non-business hours. Threat Score: 5.9/10 (MEDIUM). Reported by Tang ...
show more
User login to application during non-business hours. Threat Score: 5.9/10 (MEDIUM). Reported by TangerangKota-CSIRT
show less
Hacking
Web App Attack
๐ฎ๐ฉ
sockominfo
2026-04-26 17:00:35
(2 months ago)
Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
๐ฎ๐ฉ
sockominfo
2026-04-26 16:00:49
(2 months ago)
User access to sensitive menu during non-business hours, User login to application during non-busine ...
show more
User access to sensitive menu during non-business hours, User login to application during non-business hours. Threat Score: 6.7/10 (HIGH). Confidence: 40%. CVSS v3.1: 4.6/10 (Medium). CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 93%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
show less
Hacking
Web App Attack
๐ฎ๐น
VHosting
2026-04-26 09:29:03
(2 months ago)
Detected attack and reported by a human
Brute-Force
Web App Attack
SSH
DDoS Attack
Exploited Host
Bad Web Bot
๐ฎ๐น
Progetto1
2026-03-04 19:01:02
(4 months ago)
Mail - Multiple failed login attempts
Brute-Force
Exploited Host