๐ณ๐ฑ
Site.eu
2026-06-25 14:20:59
(4 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฆ๐บ
screwlooseit.com.au
2026-06-25 12:53:13
(4 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
RS/Serbia/178-220-154-195.static.isp.telekom.rs
Web App Attack
๐ซ๐ท
dynamix
2026-06-23 15:33:52
(6 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 01:36:07
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.tel ...
show more
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 21:36:01.570695 2026] [security2:error] [pid 8359:tid 8359] [client 178.220.154.195:37448] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.220.154.195 (+1 hits since last alert)|shannonraevocalstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "shannonraevocalstudio.com"] [uri "/xmlrpc.php"] [unique_id "ajiRgeESdSy4ZEDQpJWKEQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 23:52:44
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.tel ...
show more
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 19:52:41.460650 2026] [security2:error] [pid 15851:tid 15851] [client 178.220.154.195:16628] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.220.154.195 (+1 hits since last alert)|directcch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "directcch.com"] [uri "/xmlrpc.php"] [unique_id "ajh5SZSsrlI26Cu6XgxRCwAAAF4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Kenshin869
2026-06-21 23:49:26
(1 week ago)
Wordpress unauthorized access attempt
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-21 23:22:30
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.tel ...
show more
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 19:22:26.273915 2026] [security2:error] [pid 9589:tid 9589] [client 178.220.154.195:18738] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.220.154.195 (+1 hits since last alert)|phalanxemail.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "phalanxemail.net"] [uri "/xmlrpc.php"] [unique_id "ajhyMujkMwkjlhU8__pkCwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 22:51:17
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.tel ...
show more
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 18:51:10.047321 2026] [security2:error] [pid 29598:tid 29598] [client 178.220.154.195:10801] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.220.154.195 (+1 hits since last alert)|drdot.xyz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drdot.xyz"] [uri "/xmlrpc.php"] [unique_id "ajhq3iKahRafCsA6CsNSPQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 22:20:06
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.tel ...
show more
(mod_security) mod_security (id:240335) triggered by 178.220.154.195 (178-220-154-195.static.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 18:20:01.403095 2026] [security2:error] [pid 32032:tid 32032] [client 178.220.154.195:14866] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.220.154.195 (+1 hits since last alert)|circleinthesquare.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "circleinthesquare.org"] [uri "/xmlrpc.php"] [unique_id "ajhjkT_eNa0ubq15SdCOHgAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-19 22:21:13
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TAY
2026-06-19 21:24:38
(1 week ago)
178.220.154.195 - - [20/Jun/2026:05:23:53 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "Jetpack b ...
show more
178.220.154.195 - - [20/Jun/2026:05:23:53 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
178.220.154.195 - - [20/Jun/2026:05:24:25 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "WordPress.com; https://wordpress.com"
178.220.154.195 - - [20/Jun/2026:05:24:37 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5935 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Anonymous
2026-06-16 23:03:05
(1 week ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ธ๐ช
vaia.cloud
2026-06-15 23:21:03
(2 weeks ago)
trying wp-login.php/xmlrpc.php 34 times in 1 minutes
Brute-Force
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-15 22:27:45
(2 weeks ago)
Brute-Force
Web App Attack
Anonymous
2026-06-15 20:58:00
(2 weeks ago)
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" ...
show more
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)"
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
[redacted] 178.220.154.195 - - [15/Jun/2026:22:57:38 +0200]
...
show less
Hacking
Web App Attack