๐บ๐ธ
TPI-Abuse
2026-07-03 02:41:25
(16 hours ago)
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sb ...
show more
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sbb.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 22:41:17.496800 2026] [security2:error] [pid 17683:tid 17699] [client 178.149.85.200:59520] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.149.85.200 (+1 hits since last alert)|danelandia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "danelandia.com"] [uri "/xmlrpc.php"] [unique_id "akchTRe0_RoQXZVd5XPAnwAAAQ4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 18:14:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sb ...
show more
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sbb.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 14:14:29.167954 2026] [security2:error] [pid 32269:tid 32269] [client 178.149.85.200:51594] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.149.85.200 (+1 hits since last alert)|edgebiopharma.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edgebiopharma.com"] [uri "/xmlrpc.php"] [unique_id "akaqhRuRdDFTMD2q2fZFqwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-02 17:16:16
(1 day ago)
178.149.85.200 - [02/Jul/2026:20:16:10 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18963 "-" "WordPress.c ...
show more
178.149.85.200 - [02/Jul/2026:20:16:10 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18963 "-" "WordPress.com; https://wordpress.com" "-"
178.149.85.200 - [02/Jul/2026:20:16:15 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18050 "-" "Jetpack by WordPress.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-02 17:00:52
(1 day ago)
178.149.85.200 - [02/Jul/2026:20:00:42 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by Wo ...
show more
178.149.85.200 - [02/Jul/2026:20:00:42 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
178.149.85.200 - [02/Jul/2026:20:00:51 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TAY
2026-07-02 05:32:46
(1 day ago)
178.149.85.200 - - [02/Jul/2026:13:32:22 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "WordPress. ...
show more
178.149.85.200 - - [02/Jul/2026:13:32:22 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "WordPress.com; https://wordpress.com"
178.149.85.200 - - [02/Jul/2026:13:32:31 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "Jetpack by WordPress.com"
178.149.85.200 - - [02/Jul/2026:13:32:45 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "Jetpack/12.5; WordPress/6.3; http://site92013590.com"
...
show less
Brute-Force
Anonymous
2026-07-02 04:49:04
(1 day ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 20:41:58
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sb ...
show more
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sbb.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 16:41:51.905843 2026] [security2:error] [pid 15988:tid 15988] [client 178.149.85.200:56663] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.149.85.200 (+1 hits since last alert)|arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "akV7jzdjMdMR0B_7mZyC6gAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 20:25:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sb ...
show more
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sbb.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 16:25:19.671153 2026] [security2:error] [pid 17611:tid 17611] [client 178.149.85.200:52153] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.149.85.200 (+1 hits since last alert)|kiinlog.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kiinlog.com"] [uri "/xmlrpc.php"] [unique_id "akV3r-njUnJp0gcNKEV0uwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-07-01 19:37:27
(1 day ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-07-01 05:03:20
(2 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐ซ๐ท
applemooz
2026-06-30 08:29:16
(3 days ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ฉ๐ช
Marc
2026-06-30 04:24:15
(3 days ago)
178.149.85.200 - - [30/Jun/2026:06:23:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3466 "-" "Jetpack by ...
show more
178.149.85.200 - - [30/Jun/2026:06:23:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3466 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" 178.149.85.200 - - [30/Jun/2026:06:24:05 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3467 "-" "WordPress.com; https://wordpress.com" 178.149.85.200 - - [30/Jun/2026:06:24:14 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3467 "-" "WordPress.com; https://wordpress.com"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 02:54:29
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sb ...
show more
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sbb.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 22:54:25.385273 2026] [security2:error] [pid 14387:tid 14387] [client 178.149.85.200:64603] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.149.85.200 (+1 hits since last alert)|alejandrogorsse.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "alejandrogorsse.com"] [uri "/xmlrpc.php"] [unique_id "akMv4cBrIpQHZeeVFKUE1AAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
noise.agency
2026-06-29 20:12:14
(3 days ago)
(wordpress) Failed wordpress login from 178.149.85.200 (RS/Serbia/cable-178-149-85-200.dynamic.sbb.r ...
show more
(wordpress) Failed wordpress login from 178.149.85.200 (RS/Serbia/cable-178-149-85-200.dynamic.sbb.rs)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-29 08:59:26
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sb ...
show more
(mod_security) mod_security (id:240335) triggered by 178.149.85.200 (cable-178-149-85-200.dynamic.sbb.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 04:59:18.564458 2026] [security2:error] [pid 14685:tid 14685] [client 178.149.85.200:53387] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.149.85.200 (+1 hits since last alert)|dennisangellismusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dennisangellismusic.com"] [uri "/xmlrpc.php"] [unique_id "akIz5rY32PggANnbxwIBmwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack