๐ฉ๐ช
ghostwarriors
2026-07-16 22:25:14
(7 hours ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 13:04:18
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 09:04:11.191343 2026] [security2:error] [pid 10429:tid 10429] [client 170.254.183.196:5515] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|coyotebytes.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coyotebytes.net"] [uri "/xmlrpc.php"] [unique_id "alYzy1WSq7mq3hYcf5Fx4wAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-14 12:20:11
(2 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 11:59:06
(2 days ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 08:49:18
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 04:49:12.374408 2026] [security2:error] [pid 14251:tid 14251] [client 170.254.183.196:6273] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|velvetculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "velvetculture.com"] [uri "/xmlrpc.php"] [unique_id "alX4CO2HHCe8F5x4-phNOQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 06:44:31
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 02:44:26.237596 2026] [security2:error] [pid 17170:tid 17170] [client 170.254.183.196:5932] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|geriterry.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "geriterry.com"] [uri "/xmlrpc.php"] [unique_id "alXayreNntsUrSXOROYdkwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-14 06:44:04
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-14 04:11:20
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 00:11:15.123260 2026] [security2:error] [pid 11111:tid 11111] [client 170.254.183.196:5465] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|deborahbein.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "deborahbein.com"] [uri "/xmlrpc.php"] [unique_id "alW243LQWdOKRHO5Rl5WXgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 01:33:34
(3 days ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=www.physio-kinisi.gr; logs=/var/log/httpd/domains/physio-ki ...
show more
[server.tmg.gr] httpd-xmlrpc-post: sites=www.physio-kinisi.gr; logs=/var/log/httpd/domains/physio-kinisi.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 00:41:54
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 20:41:47.043011 2026] [security2:error] [pid 17444:tid 17444] [client 170.254.183.196:6289] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|jmichaelpope.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jmichaelpope.com"] [uri "/xmlrpc.php"] [unique_id "alWFy86KuORzxeiyceT41wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-13 18:14:10
(3 days ago)
Try to access /xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 17:28:43
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 13:28:39.626138 2026] [security2:error] [pid 27146:tid 27146] [client 170.254.183.196:5856] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|hawarcenter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hawarcenter.com"] [uri "/xmlrpc.php"] [unique_id "alUgRzXF4S80rLmpKjkC7wAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
alferez
2026-07-13 16:01:20
(3 days ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 15:58:11
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2 ...
show more
(mod_security) mod_security (id:240335) triggered by 170.254.183.196 (170.254.183.196.dynamic.redeg2.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 11:58:04.460301 2026] [security2:error] [pid 10933:tid 10933] [client 170.254.183.196:5716] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 170.254.183.196 (+1 hits since last alert)|astglobaltech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "astglobaltech.com"] [uri "/xmlrpc.php"] [unique_id "alULDG7tWpIItWeLbH7_cQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 13:57:58
(3 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack