๐บ๐ธ
myagent.site
2026-01-01 08:33:33
(6 months ago)
Blocking for trying to access an exploit file: /xmlrpc.php
Hacking
๐ฉ๐ช
big-cloud.nl
2025-12-31 10:13:46
(6 months ago)
Try to access /xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-12 02:38:46
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 21:38:42.571539 2025] [security2:error] [pid 32490:tid 32537] [client 184.168.98.233:16818] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sailcleaner.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sailcleaner.com"] [uri "/wp-json/Wp/v2/users"] [unique_id "aTuAMr6hvJE2Ewzdc_oduAAAANE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-11 23:13:06
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 18:12:59.790363 2025] [security2:error] [pid 1861:tid 1861] [client 184.168.98.233:26578] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.velvetculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.velvetculture.com"] [uri "/wp-json/wp/v2/users.json"] [unique_id "aTtP-8omgxg-jeKW-pLprAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-11 09:10:37
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 04:10:30.607058 2025] [security2:error] [pid 11127:tid 11127] [client 184.168.98.233:21618] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.internetnameregistration.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.internetnameregistration.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aTqKhv_HYtC8e8g9HprDHwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-11 04:01:13
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 23:01:09.038670 2025] [security2:error] [pid 13562:tid 13562] [client 184.168.98.233:42276] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cfmgroup.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cfmgroup.us"] [uri "/index.php/wp-json/wp/v2/users"] [unique_id "aTpCBSNjEueqficvtTiMcAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-11 02:04:41
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 21:04:34.101886 2025] [security2:error] [pid 19845:tid 19845] [client 184.168.98.233:14240] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.crep-psych.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.crep-psych.org"] [uri "/index.php/wp-json/wp/v2/users"] [unique_id "aTomsj7tiTie0owkLlxvSwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mind5t0rm
2025-11-29 19:29:23
(7 months ago)
(XMLRPC) WP XMLPRC Attack 184.168.98.233 (SG/Singapore/233.98.168.184.host.secureserver.net): 3 in t ...
show more
(XMLRPC) WP XMLPRC Attack 184.168.98.233 (SG/Singapore/233.98.168.184.host.secureserver.net): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 184.168.98.233 - - [30/Nov/2025:02:28:38 +0700] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
184.168.98.233 - - [30/Nov/2025:02:29:07 +0700] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
184.168.98.233 - - [30/Nov/2025:02:29:22 +0700] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"
show less
Port Scan
๐ฉ๐ช
LRob
2025-11-29 18:30:48
(7 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ธ๐ฌ
pusathosting.com
2025-11-29 02:15:04
(7 months ago)
2ds22 bruteforce
Brute-Force
Web App Attack
๐ณ๐ฑ
wlt-blocker
2025-11-28 05:09:16
(7 months ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-27 19:31:30
(7 months ago)
(mod_security) mod_security (id:240335) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:240335) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 14:31:21.022214 2025] [security2:error] [pid 28077:tid 28077] [client 184.168.98.233:48260] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 184.168.98.233 (+1 hits since last alert)|www.letmespeakpodcast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.letmespeakpodcast.com"] [uri "/xmlrpc.php"] [unique_id "aSinCYwl29qTQF4XwFWmewAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-04 07:01:40
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserve ...
show more
(mod_security) mod_security (id:225170) triggered by 184.168.98.233 (233.98.168.184.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 04 02:01:32.555341 2025] [security2:error] [pid 11003:tid 11026] [client 184.168.98.233:50188] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dejacats.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dejacats.com"] [uri "/wp-json/Wp/v2/users"] [unique_id "aQmkzM6GGxC46HLdSJg5AwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-11-03 10:23:36
(8 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-10-31 18:09:40
(8 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH