๐บ๐ธ
TPI-Abuse
2026-07-06 22:54:31
(1 hour ago)
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 18:54:24.991865 2026] [security2:error] [pid 25592:tid 25602] [client 31.130.128.232:61875] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 31.130.128.232 (+1 hits since last alert)|supercyprus.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "supercyprus.com"] [uri "/xmlrpc.php"] [unique_id "akwyIOhMFC7b9xZ1DbgLQAAAAME"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-03 10:11:51
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-06-27 00:36:44
(1 week ago)
3.386 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 00:14:47
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 20:14:40.557951 2026] [security2:error] [pid 31262:tid 31262] [client 31.130.128.232:51808] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 31.130.128.232 (+1 hits since last alert)|danielbrower.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "danielbrower.com"] [uri "/xmlrpc.php"] [unique_id "aj8V8Ii7qco2i8xxc9WYRQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-13 23:47:16
(3 weeks ago)
31.130.128.232 - - [14/Jun/2026:01:47:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
31.130.128.232 - ...
show more
31.130.128.232 - - [14/Jun/2026:01:47:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
31.130.128.232 - - [14/Jun/2026:01:47:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
...
show less
Brute-Force
Bad Web Bot
๐ธ๐ช
vaia.cloud
2026-06-13 23:22:04
(3 weeks ago)
trying wp-login.php/xmlrpc.php 33 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 22:48:20
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:48:14.305221 2026] [security2:error] [pid 27444:tid 27444] [client 31.130.128.232:57567] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 31.130.128.232 (+1 hits since last alert)|mrccertification.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mrccertification.com"] [uri "/xmlrpc.php"] [unique_id "ai3eLrSp5LPzFxZ8XoEWoQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐พ
lns.bz
2026-06-12 22:41:39
(3 weeks ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
Anonymous
2026-06-12 16:51:17
(3 weeks ago)
[redacted] 31.130.128.232 - - [12/Jun/2026:18:50:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 31.130.128.232 - - [12/Jun/2026:18:50:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site94137444.com"
[redacted] 31.130.128.232 - - [12/Jun/2026:18:50:44 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 31.130.128.232 - - [12/Jun/2026:18:50:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 31.130.128.232 - - [12/Jun/2026:18:51:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.1; http://site15979957.com"
[redacted] 31.130.128.232 - - [12/Jun/2026:18:51:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
...
show less
Hacking
Web App Attack
Anonymous
2026-06-10 18:50:12
(3 weeks ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 16:17:05
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 12:17:01.456514 2026] [security2:error] [pid 15511:tid 15511] [client 31.130.128.232:63136] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 31.130.128.232 (+1 hits since last alert)|jbernsteinpc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jbernsteinpc.com"] [uri "/xmlrpc.php"] [unique_id "aimN_ScOzJuvqrxYvUt7QgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-06-10 15:00:59
(3 weeks ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-10 13:45:48
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 31.130.128.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 09:45:39.362134 2026] [security2:error] [pid 8447:tid 8447] [client 31.130.128.232:59991] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 31.130.128.232 (+1 hits since last alert)|k2servicesinc.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "k2servicesinc.net"] [uri "/xmlrpc.php"] [unique_id "ailqgx6L8nSSVkhhX6BTHwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-06-05 23:40:09
(1 month ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
Anonymous
2026-06-05 18:13:50
(1 month ago)
[redacted] 31.130.128.232 - - [05/Jun/2026:20:13:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 31.130.128.232 - - [05/Jun/2026:20:13:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.1; http://site28636242.com"
[redacted] 31.130.128.232 - - [05/Jun/2026:20:13:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)"
[redacted] 31.130.128.232 - - [05/Jun/2026:20:13:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 31.130.128.232 - - [05/Jun/2026:20:13:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 31.130.128.232 - - [05/Jun/2026:20:13:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site94555240.com"
...
show less
Hacking
Web App Attack