Anonymous
2026-07-15 12:03:21
(1 hour ago)
[redacted] 27.121.100.176 - - [15/Jul/2026:14:02:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 27.121.100.176 - - [15/Jul/2026:14:02:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 27.121.100.176 - - [15/Jul/2026:14:02:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.1; http://site73707479.com"
[redacted] 27.121.100.176 - - [15/Jul/2026:14:02:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 27.121.100.176 - - [15/Jul/2026:14:03:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 27.121.100.176 - - [15/Jul/2026:14:03:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site27337579.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 11:34:12
(1 hour ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:34:05.934506 2026] [security2:error] [pid 2701:tid 2701] [client 27.121.100.176:28257] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.176 (+1 hits since last alert)|brushmileage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brushmileage.org"] [uri "/xmlrpc.php"] [unique_id "aldwLYnNCMrnmCJRQW_2EAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-15 06:25:49
(6 hours ago)
4.758 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
Anonymous
2026-07-15 03:26:00
(9 hours ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.weihnachtsbasar-athen.gr; logs=/var/log/httpd/domains/we ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.weihnachtsbasar-athen.gr; logs=/var/log/httpd/domains/weihnachtsbasar-athen.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 11:30:26
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 07:30:21.241657 2026] [security2:error] [pid 27039:tid 27039] [client 27.121.100.176:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.176 (+1 hits since last alert)|bbproductionsonline.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bbproductionsonline.com"] [uri "/xmlrpc.php"] [unique_id "alYdzVKim9MO8uiwQ1lSMwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 10:29:14
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 06:29:09.343578 2026] [security2:error] [pid 20133:tid 20133] [client 27.121.100.176:27623] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.176 (+1 hits since last alert)|susanleeward.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "susanleeward.com"] [uri "/xmlrpc.php"] [unique_id "alYPdQqOnmfrk_NquCuP7AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-14 08:54:36
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
abdubhai
2026-07-14 07:21:23
(1 day ago)
27.121.100.176 - - [14/Jul/2026:
...
Brute-Force
Anonymous
2026-07-14 06:20:08
(1 day ago)
[redacted] 27.121.100.176 - - [14/Jul/2026:08:19:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" " ...
show more
[redacted] 27.121.100.176 - - [14/Jul/2026:08:19:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
[redacted] 27.121.100.176 - - [14/Jul/2026:08:19:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com"
[redacted] 27.121.100.176 - - [14/Jul/2026:08:19:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com"
[redacted] 27.121.100.176 - - [14/Jul/2026:08:19:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
[redacted] 27.121.100.176 - - [14/Jul/2026:08:20:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 04:49:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 00:49:28.716287 2026] [security2:error] [pid 13262:tid 13278] [client 27.121.100.176:28130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.176 (+1 hits since last alert)|nabsci.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nabsci.com"] [uri "/xmlrpc.php"] [unique_id "alW_2L89SsAyRhqQ8PFRRwAAAQ4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 03:07:22
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 23:07:15.954082 2026] [security2:error] [pid 23340:tid 23340] [client 27.121.100.176:27872] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.176 (+1 hits since last alert)|waterspell.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterspell.net"] [uri "/xmlrpc.php"] [unique_id "alWn4-X4QC_osyX3Jfbj9wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-13 15:15:53
(1 day ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
WeekendWeb
2026-07-13 13:44:14
(1 day ago)
Wordpress Vunerability attack
Web App Attack
Anonymous
2026-07-13 13:14:03
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ฉ๐ช
Sรฉfora Srl
2026-07-13 13:04:20
(2 days ago)
Failed attempt detected by Fail2Ban in plesk-modsecurity jail
Web App Attack