๐ฉ๐ช
findlab
2026-07-14 00:30:02
(6 hours ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 23:57:36
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 172.212.136.241 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 172.212.136.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 19:57:29.863427 2026] [security2:error] [pid 32699:tid 32699] [client 172.212.136.241:36300] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 172.212.136.241 (+1 hits since last alert)|luciferdirective.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "luciferdirective.com"] [uri "/blog/xmlrpc.php"] [unique_id "alV7aVetv0PcciPfznifdwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
Adorjan Daczo
2026-07-13 23:34:56
(6 hours ago)
Probe for vulnerabilities. Path attempted: /blog/xmlrpc.php
Web App Attack
๐ธ๐ช
SkyDancer
2026-07-13 23:26:28
(7 hours ago)
Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by Sk ...
show more
Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Vx
show less
Hacking
Brute-Force
SSH
Anonymous
2026-07-13 23:19:50
(7 hours ago)
172.212.136.241 - - [14/Jul/2026:01:19:50 +0200] "GET /blog/xmlrpc.php HTTP/1.1" 404 47 "https://sch ...
show more
172.212.136.241 - - [14/Jul/2026:01:19:50 +0200] "GET /blog/xmlrpc.php HTTP/1.1" 404 47 "https://schmittel-it.de/blog/xmlrpc.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
...
show less
Hacking
Bad Web Bot
Web App Attack
๐ซ๐ท
omartin
2026-07-13 23:13:02
(7 hours ago)
Critical Vulnerability Scan detected
Hacking
Brute-Force
Exploited Host
Web App Attack
๐ฌ๐ง
AvonleaConsulting
2026-07-13 22:48:46
(7 hours ago)
Attempts to probe web pages for vulnerable PHP or other applications
Web App Attack
๐ฉ๐ช
Hazzard
2026-07-13 22:47:19
(7 hours ago)
(wordpress) Failed wordpress login from 172.212.136.241 (US/United States/Iowa/Des Moines/-/[redacte ...
show more
(wordpress) Failed wordpress login from 172.212.136.241 (US/United States/Iowa/Des Moines/-/[redacted]): (CF_ENABLE)
show less
Brute-Force
๐บ๐ธ
rsa
2026-07-13 22:44:00
(7 hours ago)
GET /blog/xmlrpc.php HTTP/1.1
DDoS Attack
Web App Attack
๐ฉ๐ช
LRob
2026-07-13 22:42:49
(7 hours ago)
CrowdSec: lrob/wp-xmlrpc-bf | req: /blog/xmlrpc.php | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...
show more
CrowdSec: lrob/wp-xmlrpc-bf | req: /blog/xmlrpc.php | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
show less
Brute-Force
Web App Attack
๐ฉ๐ช
wlt-blocker
2026-07-13 22:39:21
(7 hours ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 22:34:04
(8 hours ago)
(mod_security) mod_security (id:240335) triggered by 172.212.136.241 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 172.212.136.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 18:34:00.347198 2026] [security2:error] [pid 1231:tid 1231] [client 172.212.136.241:35968] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 172.212.136.241 (+1 hits since last alert)|edupal.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edupal.net"] [uri "/blog/xmlrpc.php"] [unique_id "alVn2E4zkaMlvdZu47W2UQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 22:18:17
(8 hours ago)
(mod_security) mod_security (id:240335) triggered by 172.212.136.241 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 172.212.136.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 18:18:10.820537 2026] [security2:error] [pid 29416:tid 29416] [client 172.212.136.241:35485] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 172.212.136.241 (+1 hits since last alert)|steinrauffamilylaw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "steinrauffamilylaw.com"] [uri "/blog/xmlrpc.php"] [unique_id "alVkImC6Sw3L_HLVS8LP4QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
Erpelstolz
2026-07-13 22:16:19
(8 hours ago)
external host: 172.212.136.241 - - [14/Jul/2026:00:16:18 +0200] "POST /blog/xmlrpc.php HTTP/1.1" 404 ...
show more
external host: 172.212.136.241 - - [14/Jul/2026:00:16:18 +0200] "POST /blog/xmlrpc.php HTTP/1.1" 404 5744 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" CF-Ray:- CF-IP:-
show less
Web App Attack
๐ฉ๐ช
Hary74656
2026-07-13 21:52:10
(8 hours ago)
[Mon Jul 13 23:52:02.257212 2026] [core:info] [pid 176237:tid 176544] [client 172.212.136.241:36568] ...
show more
[Mon Jul 13 23:52:02.257212 2026] [core:info] [pid 176237:tid 176544] [client 172.212.136.241:36568] AH00128: File does not exist: /home/sabine/www/blog/xmlrpc.php
...
show less
Bad Web Bot