πΊπΈ
TPI-Abuse
2026-07-12 17:40:32
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 197.249.111.16 (cust16-111-249-197.netcabo.co.m ...
show more
(mod_security) mod_security (id:240335) triggered by 197.249.111.16 (cust16-111-249-197.netcabo.co.mz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 13:40:27.193837 2026] [security2:error] [pid 25428:tid 25428] [client 197.249.111.16:11469] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.249.111.16 (+1 hits since last alert)|odinathletes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "odinathletes.com"] [uri "/xmlrpc.php"] [unique_id "alPRi-UDCeNjMNut3tXAmgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
integrantservices.com
2026-07-12 13:29:33
(10 hours ago)
(wordpress) Failed wordpress login from 197.249.111.16 (MZ/Mozambique/cust16-111-249-197.netcabo.co. ...
show more
(wordpress) Failed wordpress login from 197.249.111.16 (MZ/Mozambique/cust16-111-249-197.netcabo.co.mz)
show less
Brute-Force
Anonymous
2026-07-10 13:28:52
(2 days ago)
(wordpress) Failed wordpress login from 197.249.111.16 (MZ/Mozambique/Cidade de Maputo/Maputo/cust16 ...
show more
(wordpress) Failed wordpress login from 197.249.111.16 (MZ/Mozambique/Cidade de Maputo/Maputo/cust16-111-249-197.netcabo.co.mz/[redacted])
show less
Brute-Force
πΊπΈ
IndigoRidge
2026-07-10 11:26:28
(2 days ago)
197.249.111.16 - - [10/Jul/2026:07:25:44 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5095 "-" "WordPress. ...
show more
197.249.111.16 - - [10/Jul/2026:07:25:44 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5095 "-" "WordPress.com; https://wordpress.com"
197.249.111.16 - - [10/Jul/2026:07:25:55 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5095 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
197.249.111.16 - - [10/Jul/2026:07:26:06 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5095 "-" "WordPress.com; https://wordpress.com"
197.249.111.16 - - [10/Jul/2026:07:26:16 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5095 "-" "WordPress.com; https://wordpress.com"
197.249.111.16 - - [10/Jul/2026:07:26:27 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5095 "-" "Jetpack by WordPress.com"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 14:15:45
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 197.249.111.16 (cust16-111-249-197.netcabo.co.m ...
show more
(mod_security) mod_security (id:240335) triggered by 197.249.111.16 (cust16-111-249-197.netcabo.co.mz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 10:15:38.723699 2026] [security2:error] [pid 21260:tid 21260] [client 197.249.111.16:10780] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.249.111.16 (+1 hits since last alert)|modalsoftware.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "modalsoftware.com"] [uri "/xmlrpc.php"] [unique_id "ak5bijS-Q20eqgQq3Ro4bgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
4server
2026-07-07 10:36:13
(5 days ago)
[TueJul0712:36:09.9930992026][security2:error][pid1231646:tid1231683][client197.249.111.16:0]ModSecu ...
show more
[TueJul0712:36:09.9930992026][security2:error][pid1231646:tid1231683][client197.249.111.16:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"avcolor.ch\"][uri\"/xmlrpc.php\"][unique_id\"akzWmRIqUGn7IdNfPKzdNwAAABc\"]
show less
Port Scan
Brute-Force
Web App Attack
πͺπΈ
masterguru
2026-07-07 09:32:01
(5 days ago)
(xmlrpc) Failed xmlrpc access from 197.249.111.16 (MZ/Mozambique/cust16-111-249-197.netcabo.co.mz): ...
show more
(xmlrpc) Failed xmlrpc access from 197.249.111.16 (MZ/Mozambique/cust16-111-249-197.netcabo.co.mz): 5 in the last 3600 secs (0-122)
show less
Hacking
πΊπΈ
integrantservices.com
2026-07-07 09:27:55
(5 days ago)
(wordpress) Failed wordpress login from 197.249.111.16 (MZ/Mozambique/cust16-111-249-197.netcabo.co. ...
show more
(wordpress) Failed wordpress login from 197.249.111.16 (MZ/Mozambique/cust16-111-249-197.netcabo.co.mz)
show less
Brute-Force
πΊπΈ
TPI-Abuse
2026-07-07 06:14:15
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 197.249.111.16 (cust16-111-249-197.netcabo.co.m ...
show more
(mod_security) mod_security (id:240335) triggered by 197.249.111.16 (cust16-111-249-197.netcabo.co.mz): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 02:14:09.781939 2026] [security2:error] [pid 12967:tid 12967] [client 197.249.111.16:50468] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.249.111.16 (+1 hits since last alert)|kbalan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kbalan.com"] [uri "/xmlrpc.php"] [unique_id "akyZMVuimLCzSmyerLZ6SwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
oralunal
2026-07-06 17:36:18
(6 days ago)
IP banned by Fail2Ban in jail ente-suss ente.com-ssl_log mvfnds
...
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 17:35:17
(6 days ago)
197.249.111.16 - - [06/Jul/2026:19:34:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/13. ...
show more
197.249.111.16 - - [06/Jul/2026:19:34:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/13.0; WordPress/6.1; http://site50331193.com"
197.249.111.16 - - [06/Jul/2026:19:34:56 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/13.0; WordPress/6.1; http://site50331193.com"
197.249.111.16 - - [06/Jul/2026:19:35:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
197.249.111.16 - - [06/Jul/2026:19:35:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
197.249.111.16 - - [06/Jul/2026:19:35:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.5; WordPress/6.4; http://site29111589.com"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-07-06 13:40:23
(6 days ago)
197.249.111.16 - - [06/Jul/2026:15:40:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
197.249.111.16 - ...
show more
197.249.111.16 - - [06/Jul/2026:15:40:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
197.249.111.16 - - [06/Jul/2026:15:40:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
...
show less
Brute-Force
Bad Web Bot
πΊπΈ
WeekendWeb
2026-07-06 10:13:33
(6 days ago)
Wordpress Vunerability attack
Web App Attack
π©πͺ
abdubhai
2026-07-06 09:11:12
(6 days ago)
197.249.111.16 - - [06/Jul/2026:
...
Brute-Force
π«π·
masterguru
2026-07-06 05:19:31
(6 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking