π«π·
dynamix
2026-06-04 09:04:17
(4 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-04 06:15:26
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): ...
show more
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:15:05.215804 2026] [security2:error] [pid 8241:tid 8241] [client 197.186.73.154:52222] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.186.73.154 (+1 hits since last alert)|mchen-arch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mchen-arch.com"] [uri "/xmlrpc.php"] [unique_id "aiEX6becyH-vRg2U7WzUYwAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-03 20:30:20
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): ...
show more
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 16:30:13.362215 2026] [security2:error] [pid 21605:tid 21605] [client 197.186.73.154:49208] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.186.73.154 (+1 hits since last alert)|gacstoday.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gacstoday.com"] [uri "/xmlrpc.php"] [unique_id "aiCO1W00iNK9UT3ZicgrBQAAACw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
screwlooseit.com.au
2026-06-03 19:57:50
(4 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
TZ/Tanzania/154-73-186-197.r.airtel.co.tz
Web App Attack
π©πͺ
yvoictra
2026-06-03 18:56:14
(4 weeks ago)
197.186.73.154 - - [03/Jun/2026:20:55:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack by ...
show more
197.186.73.154 - - [03/Jun/2026:20:55:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
197.186.73.154 - - [03/Jun/2026:20:55:27 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
197.186.73.154 - - [03/Jun/2026:20:55:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
197.186.73.154 - - [03/Jun/2026:20:55:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "WordPress.com; https://wordpress.com"
197.186.73.154 - - [03/Jun/2026:20:56:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "WordPress.com; https://wordpress.com"
197.186.73.154 - - [03/Jun/2026:20:56:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack/12.0; WordPress/6.4; http://site19631038.com"
...
show less
Brute-Force
Web App Attack
π©πͺ
grassau.com
2026-06-03 02:32:38
(1 month ago)
(wordpress) Failed wordpress login from 197.186.73.154 (TZ/Tanzania/Dar es Salaam Region/Dar es Sala ...
show more
(wordpress) Failed wordpress login from 197.186.73.154 (TZ/Tanzania/Dar es Salaam Region/Dar es Salaam/154-73-186-197.r.airtel.co.tz)
show less
Brute-Force
π«π·
applemooz
2026-06-02 21:39:18
(1 month ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-02 19:25:25
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): ...
show more
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:25:19.177833 2026] [security2:error] [pid 4029:tid 4029] [client 197.186.73.154:63167] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.186.73.154 (+1 hits since last alert)|bosdkbook.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bosdkbook.com"] [uri "/xmlrpc.php"] [unique_id "ah8uH-n9lpAdfQe3OS5b0wAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-02 17:20:10
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): ...
show more
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:20:01.463854 2026] [security2:error] [pid 11662:tid 11662] [client 197.186.73.154:60085] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.186.73.154 (+1 hits since last alert)|abilityengraving.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abilityengraving.com"] [uri "/xmlrpc.php"] [unique_id "ah8QwUxB-cm3BhWhWC9bRAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-02 13:31:58
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): ...
show more
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 09:31:54.268088 2026] [security2:error] [pid 18985:tid 19017] [client 197.186.73.154:57162] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.186.73.154 (+1 hits since last alert)|pilargarciamanzanares.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pilargarciamanzanares.com"] [uri "/xmlrpc.php"] [unique_id "ah7bSh3iUEX2G4cIFurnWwAAAM8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-02 11:58:03
(1 month ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
π³π±
debestelapp
2026-06-02 08:30:06
(1 month ago)
Web App Attack
Anonymous
2026-06-01 16:09:22
(1 month ago)
Bad Web Bot
Web App Attack
Anonymous
2026-06-01 16:08:01
(1 month ago)
[redacted] 197.186.73.154 - - [01/Jun/2026:18:07:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 197.186.73.154 - - [01/Jun/2026:18:07:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.3; http://site30042132.com"
[redacted] 197.186.73.154 - - [01/Jun/2026:18:07:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.4; http://site57217367.com"
laufzeit.de 197.186.73.154 - - [01/Jun/2026:18:07:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.2; http://site33391502.com"
[redacted] 197.186.73.154 - - [01/Jun/2026:18:07:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
laufzeit.de 197.186.73.154 - - [01/Jun/2026:18:08:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-01 11:53:36
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): ...
show more
(mod_security) mod_security (id:240335) triggered by 197.186.73.154 (154-73-186-197.r.airtel.co.tz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 07:53:33.276684 2026] [security2:error] [pid 19701:tid 19701] [client 197.186.73.154:51937] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.186.73.154 (+1 hits since last alert)|robinsnestingplace.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "robinsnestingplace.net"] [uri "/xmlrpc.php"] [unique_id "ah1yveLeIzI_JFosOVDjiAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack