๐บ๐ธ
TPI-Abuse
2026-07-11 14:01:52
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 10:01:45.066671 2026] [security2:error] [pid 25829:tid 25838] [client 202.141.67.138:35149] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.67.138 (+1 hits since last alert)|dasperformance.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dasperformance.com"] [uri "/xmlrpc.php"] [unique_id "alJMyRvJnHpxlJ7u5d7ZnwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
akasolutions.de
2026-07-11 13:41:23
(1 day ago)
(wordpress) Failed wordpress login from 202.141.67.138 (IN/India/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-11 13:36:59
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 09:36:53.382231 2026] [security2:error] [pid 30594:tid 30594] [client 202.141.67.138:32136] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.67.138 (+1 hits since last alert)|riser-astrology.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "riser-astrology.com"] [uri "/xmlrpc.php"] [unique_id "alJG9R3eazvJXNz5oVxp_wAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-11 13:27:33
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"]
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-11 11:26:02
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 11:09:39
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 07:09:34.355428 2026] [security2:error] [pid 25920:tid 25920] [client 202.141.67.138:24122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.67.138 (+1 hits since last alert)|crcponcha.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "crcponcha.com"] [uri "/xmlrpc.php"] [unique_id "alIkbl_fK-HacSTeJxPV9QAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 10:31:08
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 06:30:58.980862 2026] [security2:error] [pid 21654:tid 21654] [client 202.141.67.138:43822] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.67.138 (+1 hits since last alert)|dynamic-therapy-mn.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dynamic-therapy-mn.com"] [uri "/xmlrpc.php"] [unique_id "alIbYtx9kaLwdmJbXFPZkAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
oralunal
2026-07-11 10:30:57
(1 day ago)
IP banned by Fail2Ban in jail ente-suss ente.com-ssl_log mvfnds
...
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-11 10:15:33
(1 day ago)
5.597 post requests in 1 hour (5d23h21m)
Brute-Force
Bad Web Bot
๐ณ๐ฑ
javierin
2026-07-11 08:33:20
(1 day ago)
202.141.67.138 - javierin.com - - [11/Jul/2026:08:31:48 +0000] "POST /xmlrpc.php HTTP/1.1" 503 19271 ...
show more
202.141.67.138 - javierin.com - - [11/Jul/2026:08:31:48 +0000] "POST /xmlrpc.php HTTP/1.1" 503 19271 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
202.141.67.138 - javierin.com - - [11/Jul/2026:08:31:55 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18269 "-" "Jetpack/12.0; WordPress/6.4; http://site40825837.com"
202.141.67.138 - javierin.com - - [11/Jul/2026:08:32:06 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18269 "-" "Jetpack by WordPress.com"
202.141.67.138 - javierin.com - - [11/Jul/2026:08:32:16 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18269 "-" "Jetpack/12.5; WordPress/6.1; http://site58916816.com"
202.141.67.138 - javierin.com - - [11/Jul/2026:08:32:27 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18297 "-" "WordPress.com; https://wordpress.com"
202.141.67.138 - javierin.com - - [11/Jul/2026:08:32:37 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18269 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
202.141.67.138 - javierin.com - - [11/Jul/2026:08:32:48 +0000] "POST /xmlrpc.php
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 07:46:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 03:46:28.846430 2026] [security2:error] [pid 29839:tid 29839] [client 202.141.67.138:24197] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.67.138 (+1 hits since last alert)|frogdesignmexico.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "frogdesignmexico.com"] [uri "/xmlrpc.php"] [unique_id "alH01IYxMSGcF8ROfi9l0gAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 07:30:30
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 202.141.67.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 03:30:18.467356 2026] [security2:error] [pid 19670:tid 19694] [client 202.141.67.138:24135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.141.67.138 (+1 hits since last alert)|koalacogs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "koalacogs.com"] [uri "/xmlrpc.php"] [unique_id "alHxClOZx4RFU9gkJ8XCfAAAAJY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-11 07:22:17
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ช๐ธ
SweetHoneyPress
2026-07-11 05:18:43
(1 day ago)
WordPress honeypot: POST to /xmlrpc.php | event_id=1026376 | UA: WordPress.com; https://wordpress.co ...
show more
WordPress honeypot: POST to /xmlrpc.php | event_id=1026376 | UA: WordPress.com; https://wordpress.com
show less
Web App Attack
Brute-Force
๐ฆ๐บ
screwlooseit.com.au
2026-07-11 04:48:36
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
IN/India/-
Web App Attack