๐บ๐ธ
TPI-Abuse
2026-07-01 07:45:25
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 03:45:22.106260 2026] [security2:error] [pid 2919:tid 2919] [client 20.78.132.202:6145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 20.78.132.202 (+1 hits since last alert)|36sovereignchambers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "36sovereignchambers.com"] [uri "/xmlrpc.php"] [unique_id "akTFkqiCCzk-VCJwxy20wgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-01 07:41:39
(23 hours ago)
[WedJul0109:41:35.2222992026][security2:error][pid1268230:tid1268249][client20.78.132.202:0]ModSecur ...
show more
[WedJul0109:41:35.2222992026][security2:error][pid1268230:tid1268249][client20.78.132.202:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(curl\|wget\|python\|nikto\|sqlmap\|acunetix\|fimap\|dirbuster\|cmsmap\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"217\"][id\"990210\"][msg\"Suspicioususer-agentblocked\"][hostname\"orabonastudio.it\"][uri\"/\"][unique_id\"akTEr7Xoh7Vqu_dPTj33TQAAAAg\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 07:15:51
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 03:15:46.489865 2026] [security2:error] [pid 5007:tid 5007] [client 20.78.132.202:6343] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 20.78.132.202 (+1 hits since last alert)|newmooncafe.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newmooncafe.com"] [uri "/xmlrpc.php"] [unique_id "akS-ok5ZnKNymEz-2my7WwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
ciccio diddo
2026-07-01 07:10:06
(1 day ago)
CMS/WP Exploit xmlrpc port:Tcp/80,443
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-01 07:09:55
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
neckaralb-admin.de
2026-07-01 07:01:42
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-01 06:25:58
(1 day ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 06:23:25
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 02:23:18.975459 2026] [security2:error] [pid 4275:tid 4275] [client 20.78.132.202:6607] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 20.78.132.202 (+1 hits since last alert)|savingspools.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "savingspools.com"] [uri "/xmlrpc.php"] [unique_id "akSyVllQWKJFGoZpTykDhwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
MarkGGN
2026-07-01 05:57:12
(1 day ago)
Web attack. 20.78.132.202 - - [01/Jul/2026:07:57:10 +0200] "GET /wp-content/plugins/fix/up.php HTTP/ ...
show more
Web attack. 20.78.132.202 - - [01/Jul/2026:07:57:10 +0200] "GET /wp-content/plugins/fix/up.php HTTP/2.0" 404 36 "http://*/wp-content/plugins/fix/up.php" "Mozilla/5.0"
20.78.132.202 - - [01/Jul/2026:07:57:11 +0200] "GET /wp-content/plugins/fix/up.php HTTP/2.0" 404 36 "-" "Mozilla/5.0"
show less
Web App Attack
๐ฉ๐ช
Marc
2026-07-01 05:23:08
(1 day ago)
20.78.132.202 - - [01/Jul/2026:07:23:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3376 "-" "Mozilla/5.0 ...
show more
20.78.132.202 - - [01/Jul/2026:07:23:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3376 "-" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.78.132.202 - - [01/Jul/2026:07:23:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3376 "-" "Mozilla/5.0 (Linux; Android 14; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Mobile Safari/537.36" 20.78.132.202 - - [01/Jul/2026:07:23:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3377 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
show less
Brute-Force
Web App Attack
๐ฎ๐น
Inartis
2026-07-01 04:47:12
(1 day ago)
20.78.132.202 - - [01/Jul/2026:06:47:11 +0200] "GET /xmlrpc.php HTTP/1.1" 403 5223 "-" "Mozilla/5.0 ...
show more
20.78.132.202 - - [01/Jul/2026:06:47:11 +0200] "GET /xmlrpc.php HTTP/1.1" 403 5223 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-07-01 04:33:56
(1 day ago)
Wordpress Vunerability attack
Web App Attack
๐ฒ๐ฝ
octageeks.com
2026-07-01 04:23:43
(1 day ago)
Wordpress malicious attack:[octascan]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 04:07:31
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 20.78.132.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 00:07:25.185841 2026] [security2:error] [pid 21531:tid 21531] [client 20.78.132.202:6545] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 20.78.132.202 (+1 hits since last alert)|georgegourmet.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "georgegourmet.com"] [uri "/xmlrpc.php"] [unique_id "akSSfc-IvCw0OeX7Ce2ZwwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 03:40:29
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack