🇺🇸
TPI-Abuse
2026-07-15 15:47:54
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 11:47:46.504606 2026] [security2:error] [pid 24619:tid 24619] [client 168.181.48.95:8649] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|rotentendales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rotentendales.com"] [uri "/xmlrpc.php"] [unique_id "alerokvM1M4xVHRsEp84DgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-15 04:51:39
(17 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 00:51:33.833506 2026] [security2:error] [pid 4994:tid 4994] [client 168.181.48.95:18096] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|disio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "disio.com"] [uri "/xmlrpc.php"] [unique_id "alcR1Ya4uJsoiSkoKOSlAwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 03:46:12
(18 hours ago)
WordPress Brute Force
Brute-Force
🇺🇸
TPI-Abuse
2026-07-14 22:29:04
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 18:28:59.913322 2026] [security2:error] [pid 23683:tid 23683] [client 168.181.48.95:7654] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|rodzillacharters.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodzillacharters.com"] [uri "/xmlrpc.php"] [unique_id "ala4K-OwWEfFTuLimwMYEwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇳🇱
Site.eu
2026-07-14 21:56:48
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-14 18:53:08
(1 day ago)
Blocked by siteaihub.com: auto: matched wildcard:/*xmlrpc.php*
Web App Attack
Hacking
🇺🇸
TPI-Abuse
2026-07-14 17:52:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 13:52:29.962635 2026] [security2:error] [pid 31124:tid 31124] [client 168.181.48.95:16035] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "alZ3Xfbff9XvzFDLLPxlhAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
masterguru
2026-07-14 17:52:23
(1 day ago)
(xmlrpc) Failed xmlrpc access from 168.181.48.95 (BR/Brazil/95.48.181.168.rfc6598.dynamic.copelfibra ...
show more
(xmlrpc) Failed xmlrpc access from 168.181.48.95 (BR/Brazil/95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 5 in the last 3600 secs (0-122)
show less
Hacking
🇫🇷
dynamix
2026-07-14 16:06:10
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 11:52:03
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 07:51:55.525483 2026] [security2:error] [pid 9806:tid 9806] [client 168.181.48.95:17927] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|tenmenband.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tenmenband.com"] [uri "/xmlrpc.php"] [unique_id "alYi22ZCZAOO-G2StZswGAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
ghostwarriors
2026-07-14 11:20:51
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 11:18:53
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 09:38:05
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 05:37:57.546848 2026] [security2:error] [pid 14530:tid 14530] [client 168.181.48.95:8280] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|tomartsmedia.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomartsmedia.org"] [uri "/xmlrpc.php"] [unique_id "alYDdZy0jBMY9gRGz0bG3AAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇨🇭
4server
2026-07-14 07:23:32
(1 day ago)
[TueJul1409:23:26.6876082026][security2:error][pid1940848:tid1941048][client168.181.48.95:0]ModSecur ...
show more
[TueJul1409:23:26.6876082026][security2:error][pid1940848:tid1941048][client168.181.48.95:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"swiss-domain-name.ch\"][uri\"/xmlrpc.php\"][unique_id\"alXj7v5YqieB0Do-SOOLiwAAAUI\"]
show less
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 05:10:37
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.co ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.48.95 (95.48.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:10:31.756689 2026] [security2:error] [pid 14054:tid 14054] [client 168.181.48.95:17043] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.48.95 (+1 hits since last alert)|mosheimlib.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mosheimlib.org"] [uri "/xmlrpc.php"] [unique_id "alXEx0o4AGK_t75WQjW7WgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack