🇫🇷
SpaceHost-Server
2026-07-06 22:28:08
(3 hours ago)
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-06 18:55:39
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic. ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 14:55:33.067256 2026] [security2:error] [pid 17813:tid 17813] [client 168.181.50.234:16847] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.50.234 (+1 hits since last alert)|67ronin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "67ronin.com"] [uri "/xmlrpc.php"] [unique_id "akv6JV-URhjOF2RqaOKvVQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-06 13:17:44
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic. ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 09:17:41.355833 2026] [security2:error] [pid 28477:tid 28477] [client 168.181.50.234:18248] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.50.234 (+1 hits since last alert)|stacyfarm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stacyfarm.com"] [uri "/xmlrpc.php"] [unique_id "akuq9RY3AslfW3UOdXyL4wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-06 06:28:49
(19 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic. ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 02:28:44.466031 2026] [security2:error] [pid 5216:tid 5216] [client 168.181.50.234:7816] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.50.234 (+1 hits since last alert)|webersource.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webersource.com"] [uri "/xmlrpc.php"] [unique_id "aktLHD6_Iqq3tZ7IrZpyvAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-06 05:26:28
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic. ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 01:26:22.159209 2026] [security2:error] [pid 18633:tid 18660] [client 168.181.50.234:16768] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.50.234 (+1 hits since last alert)|travelusa.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "travelusa.us"] [uri "/xmlrpc.php"] [unique_id "aks8fswjIcAo4wdTg0YRuQAAAVg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
applemooz
2026-07-05 23:15:56
(1 day ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
🇫🇷
SpaceHost-Server
2026-07-05 22:26:55
(1 day ago)
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-05 19:03:10
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic. ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 15:03:05.600928 2026] [security2:error] [pid 13824:tid 13824] [client 168.181.50.234:16925] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.50.234 (+1 hits since last alert)|studiopilates.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "studiopilates.net"] [uri "/xmlrpc.php"] [unique_id "akqqabvM8fWm3ED3Ch7bYgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-05 17:59:57
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic. ...
show more
(mod_security) mod_security (id:240335) triggered by 168.181.50.234 (234.50.181.168.rfc6598.dynamic.copelfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 13:59:51.695150 2026] [security2:error] [pid 25305:tid 25336] [client 168.181.50.234:18695] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 168.181.50.234 (+1 hits since last alert)|eceinal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "eceinal.com"] [uri "/xmlrpc.php"] [unique_id "akqbl9e6KjdnUKNbXyi_gwAAAk0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-05 16:55:41
(1 day ago)
WordPress Brute Force
Brute-Force
Anonymous
2026-07-05 15:25:10
(1 day ago)
Attac
Brute-Force
🇫🇷
LRob
2026-07-05 14:22:31
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; ht ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)","Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.
show less
Brute-Force
Web App Attack
🇪🇸
alferez
2026-07-05 08:21:21
(1 day ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack