π«π·
SpaceHost-Server
2026-07-07 22:30:21
(2 hours ago)
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-07 18:39:30
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 14:39:27.213690 2026] [security2:error] [pid 20676:tid 20676] [client 180.191.231.109:17009] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|lusineweb.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lusineweb.com"] [uri "/xmlrpc.php"] [unique_id "ak1H3z2a2s1SDaVVLgXm5wAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2026-07-07 14:23:21
(10 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 20:47:04
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 16:46:57.637984 2026] [security2:error] [pid 3848:tid 3860] [client 180.191.231.109:51678] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|georgementz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "georgementz.org"] [uri "/xmlrpc.php"] [unique_id "akwUQfRqylta2n4_sTjxZwAAAIg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 20:11:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 16:11:50.359048 2026] [security2:error] [pid 15977:tid 15977] [client 180.191.231.109:11117] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|opticasprisma.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "opticasprisma.com"] [uri "/xmlrpc.php"] [unique_id "akwMBuMzD8FNxr2bGjq_PAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 17:31:29
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 13:31:24.937295 2026] [security2:error] [pid 5338:tid 5338] [client 180.191.231.109:60026] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|alejandrogorsse.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "alejandrogorsse.com"] [uri "/xmlrpc.php"] [unique_id "akvmbDzGy4G7pPAVAEHozAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
screwlooseit.com.au
2026-07-03 17:06:19
(4 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/-
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 11:42:55
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 07:42:47.829635 2026] [security2:error] [pid 16701:tid 16701] [client 180.191.231.109:65226] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|dokuzadabirdeniz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dokuzadabirdeniz.com"] [uri "/xmlrpc.php"] [unique_id "akegN-eTcP2d8ykI3RUTkwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
WeekendWeb
2026-07-02 20:27:08
(5 days ago)
Wordpress Vunerability attack
Web App Attack
π²πΎ
Rizzy
2026-07-02 19:55:01
(5 days ago)
Multiple WAF Violations
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 18:59:19
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 14:59:14.977838 2026] [security2:error] [pid 307:tid 307] [client 180.191.231.109:57805] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|yanlidesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yanlidesign.com"] [uri "/xmlrpc.php"] [unique_id "aka1At-V9tzquviMQQj3mAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 17:50:50
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 13:50:43.573149 2026] [security2:error] [pid 28461:tid 28487] [client 180.191.231.109:61004] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|northtexaslive.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "northtexaslive.com"] [uri "/xmlrpc.php"] [unique_id "akak8-geXwvP-kOwcQ-6DwAAARg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-07-01 17:08:14
(6 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
π«π·
applemooz
2026-06-29 21:04:26
(1 week ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 13:55:07
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 180.191.231.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:55:01.143560 2026] [security2:error] [pid 18070:tid 18070] [client 180.191.231.109:58226] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 180.191.231.109 (+1 hits since last alert)|edmestonfd.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edmestonfd.com"] [uri "/xmlrpc.php"] [unique_id "akJ5NfpheOHIvB8Ec_gOZgAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack