๐ฉ๐ช
pscriptos
2026-07-07 22:31:43
(2 days ago)
{"ClientAddr":"209.198.132.159:56692","ClientHost":"209.198.132.159","ClientPort":"56692","ClientUse ...
show more
{"ClientAddr":"209.198.132.159:56692","ClientHost":"209.198.132.159","ClientPort":"56692","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":432030633,"OriginContentSize":418,"OriginDuration":419373387,"OriginStatus":403,"Overhead":12657246,"RequestAddr":"www.cleveradmin.de","RequestContentSize":716,"RequestCount":556889,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-07-08T00:31:17.809643357+02:00","StartUTC":"2026-07-07T22:31:17.809643357Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-07-08T00:31:18+02:00"}
{"ClientAddr":"209.198.132.159:56692","ClientHost":"209.198.13
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-07 18:58:20
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ฎ
YF
2026-07-06 23:00:30
(3 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-05 16:40:51
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 12:40:46.524622 2026] [security2:error] [pid 29295:tid 29295] [client 209.198.132.159:11322] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|indiahouseportland.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "indiahouseportland.com"] [uri "/xmlrpc.php"] [unique_id "akqJDip9dabI-o8p1QIAggAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
alferez
2026-07-05 16:38:24
(5 days ago)
Multiple WP Login Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-05 05:34:05
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 01:34:01.765764 2026] [security2:error] [pid 13203:tid 13222] [client 209.198.132.159:50834] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|reghay.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reghay.com"] [uri "/xmlrpc.php"] [unique_id "aknsySAdmpeuUc8XxAnWVAAAAJA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 04:31:57
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 00:31:52.464228 2026] [security2:error] [pid 18104:tid 18104] [client 209.198.132.159:12513] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|smoothiessoupssalads.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "smoothiessoupssalads.com"] [uri "/xmlrpc.php"] [unique_id "akneOF7CeTY1bT6jLt0JNAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-05 02:57:02
(5 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
Anonymous
2026-07-04 22:53:13
(5 days ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-04 22:22:25
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 18:22:22.164873 2026] [security2:error] [pid 8108:tid 8108] [client 209.198.132.159:29757] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|braintechsoftwaresolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "braintechsoftwaresolutions.com"] [uri "/xmlrpc.php"] [unique_id "akmHno-fDahBEWFNroWrxwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 17:02:28
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 13:02:24.874995 2026] [security2:error] [pid 29373:tid 29373] [client 209.198.132.159:52338] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|saynotoofland.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "saynotoofland.org"] [uri "/xmlrpc.php"] [unique_id "akk8oN0s8rCUjOxMNi1UFgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-04 04:49:21
(6 days ago)
(wordpress) Failed wordpress login from 209.198.132.159 (YE/Yemen/customer.frntdeu1.isp.starlink.com ...
show more
(wordpress) Failed wordpress login from 209.198.132.159 (YE/Yemen/customer.frntdeu1.isp.starlink.com)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-03 21:08:22
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:08:17.731376 2026] [security2:error] [pid 20857:tid 20857] [client 209.198.132.159:28154] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|soundtrax.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "soundtrax.net"] [uri "/xmlrpc.php"] [unique_id "akgkwWf39wLV8QYZuQEdDwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:38:27
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 209.198.132.159 (customer.frntdeu1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:38:21.686666 2026] [security2:error] [pid 1576:tid 1576] [client 209.198.132.159:12789] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 209.198.132.159 (+1 hits since last alert)|fadcometal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fadcometal.com"] [uri "/xmlrpc.php"] [unique_id "akgdvXxwPbGjq7wWpwcLcwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Dave Hansen
2026-07-03 17:23:08
(1 week ago)
(wordpress) Failed wordpress login from 209.198.132.159 (YE/Yemen/customer.frntdeu1.isp.starlink.com ...
show more
(wordpress) Failed wordpress login from 209.198.132.159 (YE/Yemen/customer.frntdeu1.isp.starlink.com)
show less
Brute-Force