๐จ๐ญ
backslash
2026-07-14 16:12:11
(3 days ago)
block ruleset 6B63410D189E6343B910F7440B8499558BEC52EB
Bad Web Bot
๐ซ๐ท
conseilgouz
2026-07-12 09:46:16
(5 days ago)
fmw-Joomla User : try to access forms...
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-03 13:21:35
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 09:21:30.715252 2026] [security2:error] [pid 5872:tid 5872] [client 158.181.40.157:4910] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 158.181.40.157 (+1 hits since last alert)|nancyscafeandcatering.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nancyscafeandcatering.com"] [uri "/xmlrpc.php"] [unique_id "aiAqWiFi1ABGKC5rp6TkzwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-03 13:19:51
(1 month ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
AZ/Azerbaijan/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-03 04:53:30
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:53:26.698249 2026] [security2:error] [pid 30443:tid 30443] [client 158.181.40.157:13439] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 158.181.40.157 (+1 hits since last alert)|aseguratuauto.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aseguratuauto.com"] [uri "/xmlrpc.php"] [unique_id "ah-zRvybnLyZjH6GaB8y1wAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 19:34:43
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:34:34.339743 2026] [security2:error] [pid 24365:tid 24365] [client 158.181.40.157:6462] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 158.181.40.157 (+1 hits since last alert)|waterjetsolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterjetsolutions.com"] [uri "/xmlrpc.php"] [unique_id "ah8wSpRf0ajJeRG46h9NgQAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 18:58:13
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 158.181.40.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:58:06.200790 2026] [security2:error] [pid 6653:tid 6725] [client 158.181.40.157:7205] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 158.181.40.157 (+1 hits since last alert)|atlasrecordssearch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "atlasrecordssearch.com"] [uri "/xmlrpc.php"] [unique_id "ah8nvv-8bIux7aY8NFQpfgAAAIo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-02 17:26:24
(1 month ago)
158.181.40.157 - - [02/Jun/2026:19:26:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ...
show more
158.181.40.157 - - [02/Jun/2026:19:26:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
158.181.40.157 - - [02/Jun/2026:19:26:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
158.181.40.157 - - [02/Jun/2026:19:26:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)"
158.181.40.157 - - [02/Jun/2026:19:26:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)"
158.181.40.157 - - [02/Jun/2026:19:26:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-04-12 09:04:14
(3 months ago)
DDoS botnet 510.000+ IPs; URL with bing/trustpilot/githubhelp and %C2%A4 or \xc2\xa4. NEW 09/2025: a ...
show more
DDoS botnet 510.000+ IPs; URL with bing/trustpilot/githubhelp and %C2%A4 or \xc2\xa4. NEW 09/2025: amplification attacks via third-parties e.g. HTTP_USER_AGENT facebookexternalhit/meta-externalagent/meta-externalfetcher or IPs from googleusercontent.com with fake HTTP_REFERER foxnews.com/newsweek.com/upwork.com/activision.com/... Port 443.
show less
DDoS Attack
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2026-01-26 08:30:03
(5 months ago)
Wordpress probing for vulnerabilities
Hacking
Exploited Host
๐บ๐ธ
RAP
2026-01-20 05:32:45
(5 months ago)
2026-01-20 05:32:45 UTC Unauthorized activity to TCP port 2323. Telnet
Port Scan
๐บ๐ธ
MPL
2026-01-19 11:22:05
(5 months ago)
tcp/9023 (6 or more attempts)
Port Scan
๐ฉ๐ช
NetworkOperationsTeam
2024-11-10 18:36:08
(1 year ago)
SMS Bombing. Trying to authenticate. API Abuse rate limit exceeded
Hacking
Brute-Force
Web App Attack