Anonymous
2026-07-09 05:06:13
(6 days ago)
<jail> banned by fail2ban
Brute-Force
Web App Attack
๐ช๐ธ
alferez
2026-07-09 03:56:12
(6 days ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-08 22:07:33
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
ZA/South Africa/north-165-117-209.cgnat.osnet.co.za
Web App Attack
๐ช๐ธ
masterguru
2026-07-08 04:43:32
(1 week ago)
(xmlrpc) Failed xmlrpc access from 165.165.117.209 (ZA/South Africa/north-165-117-209.cgnat.osnet.co ...
show more
(xmlrpc) Failed xmlrpc access from 165.165.117.209 (ZA/South Africa/north-165-117-209.cgnat.osnet.co.za): 5 in the last 3600 secs (0-122)
show less
Hacking
๐ณ๐ฑ
ConsulHosting
2026-07-07 21:45:06
(1 week ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-06 23:26:07
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-06 03:04:24
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 165.165.117.209 (north-165-117-209.cgnat.osnet. ...
show more
(mod_security) mod_security (id:240335) triggered by 165.165.117.209 (north-165-117-209.cgnat.osnet.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 23:04:18.239942 2026] [security2:error] [pid 27154:tid 27154] [client 165.165.117.209:39425] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.165.117.209 (+1 hits since last alert)|67ronin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "67ronin.com"] [uri "/xmlrpc.php"] [unique_id "aksbMu9cIvzBUcEVdZWD1QAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 02:31:04
(1 week ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 02:02:29
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 165.165.117.209 (north-165-117-209.cgnat.osnet. ...
show more
(mod_security) mod_security (id:240335) triggered by 165.165.117.209 (north-165-117-209.cgnat.osnet.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 22:02:25.290892 2026] [security2:error] [pid 10390:tid 10390] [client 165.165.117.209:19249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.165.117.209 (+1 hits since last alert)|kavahawaii.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kavahawaii.com"] [uri "/xmlrpc.php"] [unique_id "aksMsVQ6hz7ZDrxm-222TwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TAY
2026-07-06 00:26:37
(1 week ago)
165.165.117.209 - - [06/Jul/2026:08:26:18 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "WordPress ...
show more
165.165.117.209 - - [06/Jul/2026:08:26:18 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "WordPress.com; https://wordpress.com"
165.165.117.209 - - [06/Jul/2026:08:26:25 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
165.165.117.209 - - [06/Jul/2026:08:26:36 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
๐ณ๐ฑ
Site.eu
2026-07-05 18:49:17
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-05 17:38:15
(1 week ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-05 07:40:53
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 165.165.117.209 (north-165-117-209.cgnat.osnet. ...
show more
(mod_security) mod_security (id:240335) triggered by 165.165.117.209 (north-165-117-209.cgnat.osnet.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 03:40:47.822463 2026] [security2:error] [pid 28525:tid 28525] [client 165.165.117.209:22213] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 165.165.117.209 (+1 hits since last alert)|stop902.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stop902.org"] [uri "/xmlrpc.php"] [unique_id "akoKf9hF_5Z68xy4rTCPnAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-05 07:36:17
(1 week ago)
(wordpress) Failed wordpress login from 165.165.117.209 (north-165-117-209.cgnat.osnet.co.za)
Brute-Force
๐ง๐ช
cmbplf
2026-07-05 04:38:15
(1 week ago)
4.375 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot