Anonymous
2026-07-16 09:27:25
(19 hours ago)
WordPress Brute Force
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 07:13:41
(21 hours ago)
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:13:37.730969 2026] [security2:error] [pid 18572:tid 18572] [client 217.165.146.79:56960] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.146.79 (+1 hits since last alert)|36sovereignchambers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "36sovereignchambers.com"] [uri "/xmlrpc.php"] [unique_id "aliEoVuY61lxZKd_xiC3yAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-15 11:20:15
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 10:54:42
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:54:34.592677 2026] [security2:error] [pid 2342796:tid 2342796] [client 217.165.146.79:54166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.146.79 (+1 hits since last alert)|baselinesc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "baselinesc.com"] [uri "/xmlrpc.php"] [unique_id "aldm6o3iPPeJbynzMPyulwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 10:52:21
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 06:27:20
(1 day ago)
(wordpress) Failed wordpress login from 217.165.146.79 (AE/United Arab Emirates/bba-217-165-146-79.a ...
show more
(wordpress) Failed wordpress login from 217.165.146.79 (AE/United Arab Emirates/bba-217-165-146-79.alshamil.net.ae)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-14 11:08:48
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 07:08:42.807778 2026] [security2:error] [pid 19050:tid 19074] [client 217.165.146.79:38951] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.146.79 (+1 hits since last alert)|jofdt.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jofdt.com"] [uri "/xmlrpc.php"] [unique_id "alYYuo-bhF36NUN1rxkXBwAAANU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-13 12:30:31
(3 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-13 08:34:45
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.146.79 (bba-217-165-146-79.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 04:34:40.018048 2026] [security2:error] [pid 13312:tid 13312] [client 217.165.146.79:24111] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.146.79 (+1 hits since last alert)|thepercussionworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thepercussionworks.com"] [uri "/xmlrpc.php"] [unique_id "alSjIMZmQ-O2F3WgVlZRXwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-13 07:03:35
(3 days ago)
217.165.146.79 - - [13/Jul/2026:03:01:49 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress. ...
show more
217.165.146.79 - - [13/Jul/2026:03:01:49 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
217.165.146.79 - - [13/Jul/2026:03:02:31 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
217.165.146.79 - - [13/Jul/2026:03:02:42 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
217.165.146.79 - - [13/Jul/2026:03:03:13 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
217.165.146.79 - - [13/Jul/2026:03:03:35 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5516 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐ฉ๐ช
LRob
2026-07-13 06:59:24
(3 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)","Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)","Jetpack/13.0; WordPress/6.3; http:
show less
Brute-Force
Web App Attack
๐ซ๐ท
bgg
2022-01-07 01:45:17
(4 years ago)
Participated in a massive distributed web scraping
Bad Web Bot
๐ซ๐ท
bgg
2022-01-06 11:37:29
(4 years ago)
Participated in a massive distributed web scraping
Bad Web Bot