Anonymous
2026-06-28 22:14:10
(14 minutes ago)
Attac
Brute-Force
๐ซ๐ท
ELYAZ
2026-06-28 17:38:05
(4 hours ago)
(wordpress) Failed wordpress login from 189.39.138.6 (BR/Brazil/-): (CF_ENABLE)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-28 16:33:13
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 12:33:05.110719 2026] [security2:error] [pid 11851:tid 11851] [client 189.39.138.6:61680] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 189.39.138.6 (+1 hits since last alert)|batfry.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "batfry.com"] [uri "/xmlrpc.php"] [unique_id "akFMwfuKsip4O8PXlDEJkwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-06-27 19:49:21
(1 day ago)
AutoBlock: ๐ WordPress Login Brute Force (20X or 30X) (Decay-Based)
Brute-Force
Web App Attack
๐ฉ๐ช
burlacu.org
2026-06-27 19:18:03
(1 day ago)
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 12 requests. Blocked ...
show more
Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 12 requests. Blocked automatically.
show less
Web App Attack
Bad Web Bot
๐ซ๐ท
dynamix
2026-06-27 17:42:06
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
rh24
2026-06-27 17:01:26
(1 day ago)
(wordpress) Failed wordpress login from 189.39.138.6 (BR/Brazil/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-27 15:07:23
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 11:07:19.224346 2026] [security2:error] [pid 8005:tid 8005] [client 189.39.138.6:11241] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 189.39.138.6 (+1 hits since last alert)|phoboschildren.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "phoboschildren.com"] [uri "/xmlrpc.php"] [unique_id "aj_nJ9HSY_MUtrdbDL8WRQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-27 14:01:14
(1 day ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-26 19:01:18
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 15:01:11.368210 2026] [security2:error] [pid 12963:tid 12963] [client 189.39.138.6:52143] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 189.39.138.6 (+1 hits since last alert)|roguetechhub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechhub.com"] [uri "/xmlrpc.php"] [unique_id "aj7MdzQmZTUKw8MtEdpFEQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-26 18:27:59
(2 days ago)
[redacted] 189.39.138.6 - - [26/Jun/2026:20:27:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Wo ...
show more
[redacted] 189.39.138.6 - - [26/Jun/2026:20:27:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 189.39.138.6 - - [26/Jun/2026:20:27:23 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 189.39.138.6 - - [26/Jun/2026:20:27:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
[redacted] 189.39.138.6 - - [26/Jun/2026:20:27:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site10011307.com"
[redacted] 189.39.138.6 - - [26/Jun/2026:20:27:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐ง๐ช
cmbplf
2026-06-25 21:30:43
(3 days ago)
8.430 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
Anonymous
2026-06-25 20:34:10
(3 days ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-25 20:05:47
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 189.39.138.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 16:05:42.568389 2026] [security2:error] [pid 28299:tid 28299] [client 189.39.138.6:2472] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 189.39.138.6 (+1 hits since last alert)|cynosurephotography.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cynosurephotography.com"] [uri "/xmlrpc.php"] [unique_id "aj2KFmNHL0XFb2qd_sNYVQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-06-25 19:26:35
(3 days ago)
(wordpress) Failed wordpress login from 189.39.138.6 (BR/Brazil/-)
Brute-Force