๐บ๐ธ
TPI-Abuse
2026-07-12 13:17:20
(1 hour ago)
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 09:17:12.353507 2026] [security2:error] [pid 19734:tid 19734] [client 217.164.119.81:51205] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.164.119.81 (+1 hits since last alert)|bostonmarathonstories.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bostonmarathonstories.com"] [uri "/xmlrpc.php"] [unique_id "alOT2FArrx0ZA-SzZUoV7gAAACg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 10:10:54
(4 hours ago)
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 06:10:47.186371 2026] [security2:error] [pid 24344:tid 24344] [client 217.164.119.81:56600] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.164.119.81 (+1 hits since last alert)|seabreezeculvert.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seabreezeculvert.com"] [uri "/xmlrpc.php"] [unique_id "alNoJ7ehsUosEIsQU_c3jQAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-11 16:59:04
(22 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ซ๐ท
dynamix
2026-07-11 16:58:37
(22 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-11 07:26:20
(1 day ago)
[redacted] 217.164.119.81 - - [11/Jul/2026:09:25:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" " ...
show more
[redacted] 217.164.119.81 - - [11/Jul/2026:09:25:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
[redacted] 217.164.119.81 - - [11/Jul/2026:09:25:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.1; WordPress/6.4; http://site39923238.com"
[redacted] 217.164.119.81 - - [11/Jul/2026:09:25:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com"
[redacted] 217.164.119.81 - - [11/Jul/2026:09:26:08 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
[redacted] 217.164.119.81 - - [11/Jul/2026:09:26:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
Anonymous
2026-07-10 17:39:12
(1 day ago)
[redacted] 217.164.119.81 - - [10/Jul/2026:19:38:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" " ...
show more
[redacted] 217.164.119.81 - - [10/Jul/2026:19:38:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
[redacted] 217.164.119.81 - - [10/Jul/2026:19:38:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com"
[redacted] 217.164.119.81 - - [10/Jul/2026:19:38:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
[redacted] 217.164.119.81 - - [10/Jul/2026:19:39:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
[redacted] 217.164.119.81 - - [10/Jul/2026:19:39:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-10 14:43:37
(2 days ago)
217.164.119.81 - - [10/Jul/2026:10:41:50 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress. ...
show more
217.164.119.81 - - [10/Jul/2026:10:41:50 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
217.164.119.81 - - [10/Jul/2026:10:42:43 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
217.164.119.81 - - [10/Jul/2026:10:43:04 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
217.164.119.81 - - [10/Jul/2026:10:43:25 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
217.164.119.81 - - [10/Jul/2026:10:43:36 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
Anonymous
2026-07-10 13:38:33
(2 days ago)
217.164.119.81 - - [10/Jul/2026:15:37:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by ...
show more
217.164.119.81 - - [10/Jul/2026:15:37:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
217.164.119.81 - - [10/Jul/2026:15:38:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
217.164.119.81 - - [10/Jul/2026:15:38:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
217.164.119.81 - - [10/Jul/2026:15:38:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
217.164.119.81 - - [10/Jul/2026:15:38:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-10 13:38:21
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 10:59:09
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 06:59:02.318647 2026] [security2:error] [pid 5840:tid 5840] [client 217.164.119.81:64979] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.164.119.81 (+1 hits since last alert)|bernsteinip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bernsteinip.com"] [uri "/xmlrpc.php"] [unique_id "alDQdtOfhx1OBG6rdTY9HgAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 18:32:00
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 14:31:53.578151 2026] [security2:error] [pid 13955:tid 13955] [client 217.164.119.81:59496] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.164.119.81 (+1 hits since last alert)|diamondtrailerserv.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "diamondtrailerserv.com"] [uri "/xmlrpc.php"] [unique_id "ak6XmbcTaaGhBufgO5O8TwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-08 08:29:33
(4 days ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-07-07 16:44:41
(4 days ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 06:25:27
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.164.119.81 (bba-217-164-119-81.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 02:25:20.779145 2026] [security2:error] [pid 18259:tid 18269] [client 217.164.119.81:57414] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.164.119.81 (+1 hits since last alert)|abusaimeh.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abusaimeh.com"] [uri "/xmlrpc.php"] [unique_id "akyb0PLFyj1E8EUkGCa7UwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-10 14:52:11
(7 months ago)
"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ...
show more
"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access"
show less
DDoS Attack
SQL Injection
Exploited Host