Anonymous
2026-07-18 12:34:04
(11 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 04:58:07
(18 hours ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 00:58:01.111262 2026] [security2:error] [pid 26185:tid 26185] [client 178.238.10.211:41306] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|hendersonhomes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hendersonhomes.com"] [uri "/xmlrpc.php"] [unique_id "alsH2Zry9fFLFnVPSTfNIAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 03:14:56
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 23:14:53.104612 2026] [security2:error] [pid 31762:tid 31762] [client 178.238.10.211:33416] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|michaelkivisto.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michaelkivisto.com"] [uri "/xmlrpc.php"] [unique_id "alrvrZhLXzOTognCaaG_FQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 02:43:35
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 22:43:29.066373 2026] [security2:error] [pid 12861:tid 12865] [client 178.238.10.211:55472] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|browbrew.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "browbrew.com"] [uri "/xmlrpc.php"] [unique_id "alroURyOlYrjlSkEwfBtjAAAAEE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-18 00:31:21
(23 hours ago)
178.238.10.211 - [18/Jul/2026:03:31:14 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by Wo ...
show more
178.238.10.211 - [18/Jul/2026:03:31:14 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" "-"
178.238.10.211 - [18/Jul/2026:03:31:20 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-18 00:16:13
(23 hours ago)
178.238.10.211 - [18/Jul/2026:03:16:02 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by Wo ...
show more
178.238.10.211 - [18/Jul/2026:03:16:02 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
178.238.10.211 - [18/Jul/2026:03:16:12 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 23:59:17
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 19:59:13.730977 2026] [security2:error] [pid 22188:tid 22188] [client 178.238.10.211:52596] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|dwightbrown.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dwightbrown.com"] [uri "/xmlrpc.php"] [unique_id "alrB0ZU2vhWVCeTigdREogAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-07-17 18:24:50
(1 day ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 18:11:32
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 14:11:28.027305 2026] [security2:error] [pid 3064:tid 3064] [client 178.238.10.211:54146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|lowkeytiki.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lowkeytiki.com"] [uri "/xmlrpc.php"] [unique_id "alpwUKOK3WVZ2Kw1wbX5QQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-17 12:09:10
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-17 06:12:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:12:22.121740 2026] [security2:error] [pid 323475:tid 323475] [client 178.238.10.211:57346] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|lukeschicago.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lukeschicago.com"] [uri "/xmlrpc.php"] [unique_id "alnHxgXElzfobSfJHY-D_gAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-17 04:26:34
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
GB/United Kingdom/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:05:05
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 178.238.10.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:04:57.469971 2026] [security2:error] [pid 160587:tid 160587] [client 178.238.10.211:37068] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 178.238.10.211 (+1 hits since last alert)|esysapps.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "esysapps.com"] [uri "/xmlrpc.php"] [unique_id "almb2eFkwtECo59bZjibugAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
debestelapp
2026-07-17 01:20:07
(1 day ago)
Web App Attack
Anonymous
2026-07-16 22:57:27
(2 days ago)
[redacted] 178.238.10.211 - - [17/Jul/2026:00:56:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 178.238.10.211 - - [17/Jul/2026:00:56:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 178.238.10.211 - - [17/Jul/2026:00:56:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 178.238.10.211 - - [17/Jul/2026:00:57:04 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 178.238.10.211 - - [17/Jul/2026:00:57:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 178.238.10.211 - - [17/Jul/2026:00:57:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack