Anonymous
2026-07-17 19:00:39
(1 hour ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐ซ๐ท
YF
2026-07-17 17:15:22
(3 hours ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-17 14:57:30
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 10:57:27.005712 2026] [security2:error] [pid 27807:tid 27807] [client 37.232.61.140:49193] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|yogawithbubba.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yogawithbubba.com"] [uri "/xmlrpc.php"] [unique_id "alpC14LN6TgNAiybfiJVSAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 13:48:05
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 09:47:58.896058 2026] [security2:error] [pid 30743:tid 30743] [client 37.232.61.140:53736] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|directcch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "directcch.com"] [uri "/xmlrpc.php"] [unique_id "ake9ju_4FAu4vRF8aFzLrQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 12:47:09
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 08:47:02.556704 2026] [security2:error] [pid 15282:tid 15282] [client 37.232.61.140:64329] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|capriexpress.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "capriexpress.com"] [uri "/xmlrpc.php"] [unique_id "akevRmDOA8K_kWvAUDSXXQAAACE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 19:00:47
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 15:00:42.981891 2026] [security2:error] [pid 10922:tid 10922] [client 37.232.61.140:63160] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|jeffmasonmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jeffmasonmusic.com"] [uri "/xmlrpc.php"] [unique_id "ajwpWlhVUqd08a2hv8qWBgAAACo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-24 16:14:06
(3 weeks ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-23 18:44:59
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 14:44:53.506192 2026] [security2:error] [pid 9671:tid 9671] [client 37.232.61.140:63311] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|doreenkimura.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "doreenkimura.com"] [uri "/xmlrpc.php"] [unique_id "ajrUJYZRmw1m1G7Z1IY5-gAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 15:30:38
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 11:30:32.839889 2026] [security2:error] [pid 2456:tid 2456] [client 37.232.61.140:49262] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|hookedupfishing.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hookedupfishing.net"] [uri "/xmlrpc.php"] [unique_id "ajqmmLoienEef9UMDTczhwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-06-22 19:23:50
(3 weeks ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐จ๐ฆ
polycoda
2026-06-22 15:06:25
(3 weeks ago)
๐ Wordpress login brute force attempt
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 17:51:22
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:51:14.362511 2026] [security2:error] [pid 12669:tid 12669] [client 37.232.61.140:55640] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|gellertdealers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gellertdealers.com"] [uri "/xmlrpc.php"] [unique_id "ajgkknLvAVJj5-ES1twbmwAAAEg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
vaia.cloud
2026-06-13 19:58:03
(1 month ago)
trying wp-login.php/xmlrpc.php 34 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 09:53:05
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 05:53:00.523936 2026] [security2:error] [pid 32710:tid 32710] [client 37.232.61.140:58488] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|onlinesuretybonds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "onlinesuretybonds.com"] [uri "/xmlrpc.php"] [unique_id "ai0ofHOgsp8OnnM781PfKwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 19:00:08
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 37.232.61.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 15:00:03.632175 2026] [security2:error] [pid 16091:tid 16091] [client 37.232.61.140:53858] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.232.61.140 (+1 hits since last alert)|theamarals.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "aim0MwKi-6VFy0hKdKuM5QAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack