๐ณ๐ฑ
Site.eu
2026-07-14 21:02:29
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
LRob
2026-07-14 21:01:37
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https:// ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: WordPress.com; https://wordpress.com
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 20:32:42
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 16:32:39.357919 2026] [security2:error] [pid 20186:tid 20186] [client 196.89.164.227:60091] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.89.164.227 (+1 hits since last alert)|georgegourmet.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "georgegourmet.com"] [uri "/xmlrpc.php"] [unique_id "alac51UvQeW4WhdTy_TuhwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 15:57:21
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:57:17.129987 2026] [security2:error] [pid 13874:tid 13897] [client 196.89.164.227:59659] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.89.164.227 (+1 hits since last alert)|pilargarciamanzanares.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pilargarciamanzanares.com"] [uri "/xmlrpc.php"] [unique_id "alZcXbtrCZEdIpzzFp008AAAANQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
factor1
2026-07-14 14:51:56
(1 day ago)
Fail2ban at churndash Reports Abuse.
Brute-Force
Web App Attack
๐ฒ๐น
Malta
2026-07-14 14:20:56
(1 day ago)
196.89.164.227 - - [14/Jul/2026:16:20:55 +0200] "POST /xmlrpc.php HTTP/1.1" "Jetpack by WordPress.co ...
show more
196.89.164.227 - - [14/Jul/2026:16:20:55 +0200] "POST /xmlrpc.php HTTP/1.1" "Jetpack by WordPress.com"
show less
Hacking
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-14 11:10:12
(1 day ago)
196.89.164.227 - - [14/Jul/2026:07:08:57 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5533 "-" "WordPress. ...
show more
196.89.164.227 - - [14/Jul/2026:07:08:57 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5533 "-" "WordPress.com; https://wordpress.com"
196.89.164.227 - - [14/Jul/2026:07:09:29 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5533 "-" "WordPress.com; https://wordpress.com"
196.89.164.227 - - [14/Jul/2026:07:09:40 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5533 "-" "WordPress.com; https://wordpress.com"
196.89.164.227 - - [14/Jul/2026:07:09:50 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5533 "-" "WordPress.com; https://wordpress.com"
196.89.164.227 - - [14/Jul/2026:07:10:12 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5533 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
Anonymous
2026-07-14 09:05:54
(1 day ago)
[redacted] 196.89.164.227 - - [14/Jul/2026:11:05:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" " ...
show more
[redacted] 196.89.164.227 - - [14/Jul/2026:11:05:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
spineconcept.de 196.89.164.227 - - [14/Jul/2026:11:05:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com"
[redacted] 196.89.164.227 - - [14/Jul/2026:11:05:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
spineconcept.de 196.89.164.227 - - [14/Jul/2026:11:05:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
[redacted] 196.89.164.227 - - [14/Jul/2026:11:05:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com"
spineconcept.de 196.89.164.227 - - [14/Jul/2026:11:05:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com"
[redacted] 196.89.164.227 - - [14/Jul/2026:11:05:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack/13.0; WordPre
...
show less
Hacking
Web App Attack
๐ซ๐ท
applemooz
2026-07-14 08:34:27
(1 day ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-14 08:34:26
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
MA/Morocco/-
Web App Attack
๐ช๐ธ
masterguru
2026-07-14 08:05:06
(1 day ago)
(xmlrpc) Failed xmlrpc access from 196.89.164.227 (MA/Morocco/-): 5 in the last 3600 secs (0-122)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-14 05:01:06
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:01:02.466665 2026] [security2:error] [pid 2515:tid 2515] [client 196.89.164.227:44311] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.89.164.227 (+1 hits since last alert)|kidswow.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kidswow.com"] [uri "/xmlrpc.php"] [unique_id "alXCjsVNEmvCHUon7lQE2AAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 03:33:02
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 23:32:55.504497 2026] [security2:error] [pid 20792:tid 20792] [client 196.89.164.227:57814] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.89.164.227 (+1 hits since last alert)|cemesur-vision21.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cemesur-vision21.com"] [uri "/xmlrpc.php"] [unique_id "alWt5xLHHnbLBgTiG2Um5QAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 02:37:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 196.89.164.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 22:37:24.518664 2026] [security2:error] [pid 14927:tid 14927] [client 196.89.164.227:51898] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 196.89.164.227 (+1 hits since last alert)|madisonjazzorchestra.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "madisonjazzorchestra.com"] [uri "/xmlrpc.php"] [unique_id "alWg5JLKIQU3BgV95EwlHQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 01:36:53
(1 day ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=www.geomed.gr; logs=/var/log/httpd/domains/geomed.gr.log; s ...
show more
[server.tmg.gr] httpd-xmlrpc-post: sites=www.geomed.gr; logs=/var/log/httpd/domains/geomed.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack