๐บ๐ธ
TPI-Abuse
2026-07-06 19:10:53
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 15:10:49.529830 2026] [security2:error] [pid 5053:tid 5053] [client 37.230.158.42:62865] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.230.158.42 (+1 hits since last alert)|lightbender.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lightbender.net"] [uri "/xmlrpc.php"] [unique_id "akv9uVvuQ-Dy2R6jc3BATgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 03:21:04
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 01:22:14
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 21:22:10.763222 2026] [security2:error] [pid 6250:tid 6250] [client 37.230.158.42:52182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.230.158.42 (+1 hits since last alert)|frogdesignmexico.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "frogdesignmexico.com"] [uri "/xmlrpc.php"] [unique_id "aksDQj5meO88Zxmj5PHXNgAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 23:18:23
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 19:18:20.014310 2026] [security2:error] [pid 4095:tid 4095] [client 37.230.158.42:50490] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.230.158.42 (+1 hits since last alert)|pharmaceuticalsalescareerhub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pharmaceuticalsalescareerhub.com"] [uri "/xmlrpc.php"] [unique_id "akrmPA2lwW5J9c6u9e6USQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 20:43:50
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 16:43:46.562173 2026] [security2:error] [pid 18727:tid 18727] [client 37.230.158.42:60040] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.230.158.42 (+1 hits since last alert)|odysseydogasporlari.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "odysseydogasporlari.com"] [uri "/xmlrpc.php"] [unique_id "akrCAlPmphLp_7xAPIqRHgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 20:12:31
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 16:12:26.947404 2026] [security2:error] [pid 19013:tid 19013] [client 37.230.158.42:60642] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.230.158.42 (+1 hits since last alert)|wokedreamer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wokedreamer.com"] [uri "/xmlrpc.php"] [unique_id "akq6qiA5EIa-w5CBUZHMIwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-05 18:39:57
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
konseptit
2026-07-05 17:08:09
(3 days ago)
(wordpress) Failed wordpress login from 37.230.158.42 (RU/Russia/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-05 15:07:42
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.230.158.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 11:07:35.686213 2026] [security2:error] [pid 9154:tid 9154] [client 37.230.158.42:62099] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.230.158.42 (+1 hits since last alert)|cmcnow.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cmcnow.com"] [uri "/xmlrpc.php"] [unique_id "akpzNxRGGmp3D4FDvNJ1-QAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-05 15:05:10
(3 days ago)
(wordpress) Failed wordpress login from 37.230.158.42 (RU/Russia/-)
Brute-Force
๐ฉ๐ช
YF
2026-07-05 10:10:17
(3 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
cwytech
2026-07-04 17:57:24
(4 days ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
Anonymous
2025-11-25 11:30:33
(7 months ago)
scanning http requests from known botnet
Web App Attack
Anonymous
2025-11-22 21:36:47
(7 months ago)
scanning http requests from known botnet
Web App Attack
Anonymous
2025-02-04 00:48:32
(1 year ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH