Anonymous
2026-07-17 05:07:41
(12 hours ago)
[redacted] 188.72.72.74 - - [17/Jul/2026:07:06:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Wo ...
show more
[redacted] 188.72.72.74 - - [17/Jul/2026:07:06:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 188.72.72.74 - - [17/Jul/2026:07:07:08 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 188.72.72.74 - - [17/Jul/2026:07:07:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.3; http://site11991399.com"
[redacted] 188.72.72.74 - - [17/Jul/2026:07:07:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)"
[redacted] 188.72.72.74 - - [17/Jul/2026:07:07:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 08:57:37
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 188.72.72.74 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 188.72.72.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 04:57:30.551352 2026] [security2:error] [pid 13338:tid 13436] [client 188.72.72.74:63121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.72.72.74 (+1 hits since last alert)|eceinal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "eceinal.com"] [uri "/xmlrpc.php"] [unique_id "aldLenCRBZDfPzh0mIJKEAAAAkg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-14 19:30:40
(2 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
Anonymous
2026-07-14 18:26:02
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 17:57:20
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 188.72.72.74 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 188.72.72.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 13:57:12.667221 2026] [security2:error] [pid 10399:tid 10399] [client 188.72.72.74:65491] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.72.72.74 (+1 hits since last alert)|arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "alZ4eOuDa5eyYJloHIf0aQAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 07:20:33
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 188.72.72.74 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 188.72.72.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:20:30.774531 2026] [security2:error] [pid 30975:tid 30975] [client 188.72.72.74:61078] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 188.72.72.74 (+1 hits since last alert)|jesussotoca.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jesussotoca.com"] [uri "/xmlrpc.php"] [unique_id "alSRvtYriiuXyRul3WPSywAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-12 07:12:51
(5 days ago)
188.72.72.74 - - [12/Jul/2026:03:11:57 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5129 "-" "WordPress.co ...
show more
188.72.72.74 - - [12/Jul/2026:03:11:57 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5129 "-" "WordPress.com; https://wordpress.com"
188.72.72.74 - - [12/Jul/2026:03:12:08 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5129 "-" "WordPress.com; https://wordpress.com"
188.72.72.74 - - [12/Jul/2026:03:12:18 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5129 "-" "WordPress.com; https://wordpress.com"
188.72.72.74 - - [12/Jul/2026:03:12:39 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5129 "-" "WordPress.com; https://wordpress.com"
188.72.72.74 - - [12/Jul/2026:03:12:50 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5129 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐ณ๐ด
jad-abuse
2026-07-11 18:42:44
(5 days ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. O ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 1 hits.
show less
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-11 17:45:25
(5 days ago)
(xmlrpc) Failed xmlrpc access from 188.72.72.74 (RU/Russia/-): 5 in the last 3600 secs (0-122)
Hacking
๐ซ๐ท
dynamix
2026-07-11 10:23:38
(6 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-07-10 07:55:08
(1 week ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐จ๐ฆ
polycoda
2026-02-18 12:44:16
(4 months ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack
Anonymous
2025-12-09 04:57:16
(7 months ago)
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show more
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-post.asp
show less
Bad Web Bot
Exploited Host
๐ณ๐ฑ
exxos
2025-09-04 10:03:01
(10 months ago)
Attacks with Bad user agents
Hacking