๐บ๐ธ
TPI-Abuse
2026-06-28 09:54:21
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 05:54:12.163170 2026] [security2:error] [pid 12386:tid 12386] [client 178.217.11.6:57147] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.217.11.6 (+1 hits since last alert)|cosplayculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cosplayculture.com"] [uri "/xmlrpc.php"] [unique_id "akDvRDwTbUKchxccXlDQYgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-06-27 22:33:04
(1 day ago)
{"ClientAddr":"178.217.11.6:55905","ClientHost":"178.217.11.6","ClientPort":"55905","ClientUsername" ...
show more
{"ClientAddr":"178.217.11.6:55905","ClientHost":"178.217.11.6","ClientPort":"55905","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":427388320,"OriginContentSize":418,"OriginDuration":423957788,"OriginStatus":403,"Overhead":3430532,"RequestAddr":"www.cleveradmin.de","RequestContentSize":715,"RequestCount":1606580,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-28T00:32:36.478294188+02:00","StartUTC":"2026-06-27T22:32:36.478294188Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-28T00:32:36+02:00"}
{"ClientAddr":"178.217.11.6:55905","ClientHost":"178.217.11.6","ClientPort":"55905"
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
XYCoderXY
2026-06-27 20:50:03
(1 day ago)
SSH/web brute-force & exploit scanning against lumerux.com (automated report).
Brute-Force
SSH
๐ช๐ธ
masterguru
2026-06-27 19:13:14
(1 day ago)
(xmlrpc) Failed xmlrpc access from 178.217.11.6 (RS/Serbia/-): 5 in the last 3600 secs (0-122)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-27 17:10:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 13:10:18.306033 2026] [security2:error] [pid 5580:tid 5580] [client 178.217.11.6:60698] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.217.11.6 (+1 hits since last alert)|laecovillage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "laecovillage.org"] [uri "/xmlrpc.php"] [unique_id "akAD-ulPJZfQ0qFMRHU9oAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-26 22:28:08
(2 days ago)
Brute-Force
Web App Attack
Anonymous
2026-06-26 10:01:05
(2 days ago)
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=me-meraki.gr; logs=/var/log/httpd/domains/me-meraki.gr.log; ...
show more
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=me-meraki.gr; logs=/var/log/httpd/domains/me-meraki.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 09:11:43
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 05:11:33.194279 2026] [security2:error] [pid 7296:tid 7296] [client 178.217.11.6:49212] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.217.11.6 (+1 hits since last alert)|register-yacht-hong-kong.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "register-yacht-hong-kong.com"] [uri "/xmlrpc.php"] [unique_id "aj5CRVCozMiBDycrF01k0QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-25 19:07:17
(3 days ago)
178.217.11.6 - - [25/Jun/2026:21:06:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com ...
show more
178.217.11.6 - - [25/Jun/2026:21:06:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
178.217.11.6 - - [25/Jun/2026:21:06:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
178.217.11.6 - - [25/Jun/2026:21:07:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
178.217.11.6 - - [25/Jun/2026:21:07:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
178.217.11.6 - - [25/Jun/2026:21:07:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 15:56:00
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 11:55:53.989807 2026] [security2:error] [pid 4816:tid 4816] [client 178.217.11.6:50668] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.217.11.6 (+1 hits since last alert)|drjasonkolber.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drjasonkolber.com"] [uri "/xmlrpc.php"] [unique_id "aj1PicBYrVOgs2dxjFXEngAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Lunix
2026-06-25 15:49:55
(3 days ago)
Brute-Force
Web App Attack
๐ณ๐ด
tmiland
2026-03-01 18:52:00
(3 months ago)
(wordpress_xmlrpc) WordPress XMLPRC Attack 178.217.11.6 (RS/Serbia/-): 3 in the last 3600 secs
Brute-Force
Blog Spam
Web App Attack
๐ฉ๐ช
MusicLibrary
2026-03-01 16:21:48
(3 months ago)
Attempted access to non existent wordpress urls
Bad Web Bot
Anonymous
2025-11-23 02:01:16
(7 months ago)
scanning http requests from known botnet
Web App Attack