Anonymous
2026-07-16 21:38:03
(55 minutes ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 15:31:29
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 11:31:23.232982 2026] [security2:error] [pid 6446:tid 6446] [client 202.141.46.173:50465] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.46.173 (+1 hits since last alert)|davidquiroa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "davidquiroa.com"] [uri "/xmlrpc.php"] [unique_id "alj5S312NL98TklJoUtzlAAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 15:00:42
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 11:00:33.939663 2026] [security2:error] [pid 30734:tid 30734] [client 202.141.46.173:48384] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.46.173 (+1 hits since last alert)|sacoriverjazz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sacoriverjazz.org"] [uri "/xmlrpc.php"] [unique_id "aljyESbmrgShjvuQPUP2YAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 13:47:21
(8 hours ago)
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:47:16.586602 2026] [security2:error] [pid 8545:tid 8545] [client 202.141.46.173:56888] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.46.173 (+1 hits since last alert)|36sovereignchambers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "36sovereignchambers.com"] [uri "/xmlrpc.php"] [unique_id "aljg5AfxxGGkbU9RCoNzqQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-16 13:46:55
(8 hours ago)
(wordpress) Failed wordpress login from 202.141.46.173 (IN/India/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 04:56:22
(17 hours ago)
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 00:56:15.932048 2026] [security2:error] [pid 19911:tid 19911] [client 202.141.46.173:56878] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.46.173 (+1 hits since last alert)|produktives.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "produktives.com"] [uri "/xmlrpc.php"] [unique_id "alhkb8tWuQF-uWAgxVLyegAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-16 00:47:24
(21 hours ago)
4.338 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐ฉ๐ช
rh24
2026-07-16 00:23:04
(22 hours ago)
(wordpress) Failed wordpress login from 202.141.46.173 (IN/India/-): (CF_ENABLE)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-15 22:20:44
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 18:20:36.097059 2026] [security2:error] [pid 29388:tid 29388] [client 202.141.46.173:50535] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.46.173 (+1 hits since last alert)|thebrotherhoodlounge.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thebrotherhoodlounge.com"] [uri "/xmlrpc.php"] [unique_id "algHtGNoWtFVfFxnId8UXAAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-15 15:11:25
(1 day ago)
CrowdSec: lrob/wp-xmlrpc-bf | req: /xmlrpc.php | UA: Jetpack by WordPress.com (Jetpack 13.0; WordPre ...
show more
CrowdSec: lrob/wp-xmlrpc-bf | req: /xmlrpc.php | UA: Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-15 06:15:10
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 20:03:06
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 202.141.46.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:02:58.074099 2026] [security2:error] [pid 3088:tid 3088] [client 202.141.46.173:59202] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||n4fh.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "n4fh.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWgcnKs2xH68Z0sczX6cwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-03-06 12:28:44
(4 months ago)
Unauthorized connection attempt on Port 2323
Port Scan
Hacking
Exploited Host