๐ฉ๐ช
neckaralb-admin.de
2026-07-01 11:13:31
(14 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ซ๐ท
dynamix
2026-07-01 09:55:40
(15 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ช๐ธ
alferez
2026-06-30 13:01:22
(1 day ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 10:50:26
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:50:21.692281 2026] [security2:error] [pid 9657:tid 9657] [client 217.165.238.124:64722] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|geckoturner.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "geckoturner.com"] [uri "/xmlrpc.php"] [unique_id "akOfbS6eTO6GVn0GtxmOSQAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-29 13:24:12
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ซ๐ท
dynamix
2026-06-26 05:16:49
(5 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 11:38:49
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 07:38:41.725736 2026] [security2:error] [pid 26557:tid 26557] [client 217.165.238.124:44829] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|ucommsi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ucommsi.com"] [uri "/xmlrpc.php"] [unique_id "aj0TQbmihBne2K0pzJbMzAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 04:19:50
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 00:19:43.531386 2026] [security2:error] [pid 22817:tid 22817] [client 217.165.238.124:53132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|webuychesterfieldhouses.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webuychesterfieldhouses.com"] [uri "/xmlrpc.php"] [unique_id "ajysX6oBD_aClCTPoFVarQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-06-23 07:35:17
(1 week ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 12:15:38
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 08:15:34.252714 2026] [security2:error] [pid 26132:tid 26132] [client 217.165.238.124:30107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|celebritybikinigossip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "celebritybikinigossip.com"] [uri "/xmlrpc.php"] [unique_id "ajknZkRnAlST6IMxY2P4NAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 10:06:03
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 06:05:56.316763 2026] [security2:error] [pid 28657:tid 28657] [client 217.165.238.124:16051] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|billwegener.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "billwegener.net"] [uri "/xmlrpc.php"] [unique_id "ajkJBL_P6DgjC3M1YVGgcQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-22 09:35:24
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 08:54:55
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 04:54:46.746086 2026] [security2:error] [pid 531:tid 531] [client 217.165.238.124:60503] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|nypatriotcards.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nypatriotcards.com"] [uri "/xmlrpc.php"] [unique_id "ajj4Vpd7FR1Kwwm_8QkhmgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TAY
2026-06-22 04:26:52
(1 week ago)
217.165.238.124 - - [22/Jun/2026:12:26:30 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "Jetpack b ...
show more
217.165.238.124 - - [22/Jun/2026:12:26:30 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "Jetpack by WordPress.com"
217.165.238.124 - - [22/Jun/2026:12:26:40 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
217.165.238.124 - - [22/Jun/2026:12:26:50 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5867 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-20 09:19:03
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.n ...
show more
(mod_security) mod_security (id:240335) triggered by 217.165.238.124 (bba-217-165-238-124.alshamil.net.ae): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 05:18:56.203596 2026] [security2:error] [pid 15667:tid 15667] [client 217.165.238.124:37370] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.165.238.124 (+1 hits since last alert)|arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "ajZbANbv7OFD6_90PvQvZQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack