π«π·
dynamix
2026-07-01 00:41:14
(6 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
π³π±
ipoac.nl
2026-07-01 00:39:40
(6 days ago)
2026-07-01T02:39:39.056609+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication failure for-from 39. ...
show more
2026-07-01T02:39:39.056609+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication failure for-from 39.35.192.121
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-01 00:12:41
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 20:12:37.882171 2026] [security2:error] [pid 21502:tid 21608] [client 39.35.192.121:58150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.192.121 (+1 hits since last alert)|tsengkwongchi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tsengkwongchi.com"] [uri "/xmlrpc.php"] [unique_id "akRbdfkFLCy4ufBWcER37wAAAg4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
ipoac.nl
2026-07-01 00:12:34
(6 days ago)
2026-07-01T02:12:33.281434+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication failure for-from 39. ...
show more
2026-07-01T02:12:33.281434+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication failure for-from 39.35.192.121
show less
Web App Attack
π³π±
Site.eu
2026-06-30 23:04:26
(6 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
πΉπ
thaizone.com
2026-06-30 22:36:36
(6 days ago)
Brute-forcing login against websites (D1-1) #1
Web App Attack
Hacking
π©πͺ
konseptit
2026-06-30 22:34:12
(6 days ago)
(wordpress) Failed wordpress login from 39.35.192.121 (PK/Pakistan/-)
Brute-Force
πΊπΈ
TPI-Abuse
2026-06-30 21:59:24
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 17:59:19.728794 2026] [security2:error] [pid 28006:tid 28006] [client 39.35.192.121:5730] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.192.121 (+1 hits since last alert)|rimaine.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rimaine.org"] [uri "/xmlrpc.php"] [unique_id "akQ8N8VbnWr1iGlkhrUH2wAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
integrantservices.com
2026-06-30 21:43:35
(6 days ago)
(wordpress) Failed wordpress login from 39.35.192.121 (PK/Pakistan/-)
Brute-Force
πΊπΈ
lostswordfish.com
2026-06-30 21:40:05
(6 days ago)
Wordfence waf block on hope4scranton
Web App Attack
Anonymous
2026-06-30 21:30:02
(6 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-30 21:14:56
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 17:14:48.556776 2026] [security2:error] [pid 31626:tid 31626] [client 39.35.192.121:20925] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.192.121 (+1 hits since last alert)|michelehoop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michelehoop.com"] [uri "/xmlrpc.php"] [unique_id "akQxyCzlxJbRGV4XdNuKFAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-30 20:33:37
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 16:33:31.632819 2026] [security2:error] [pid 24350:tid 24350] [client 39.35.192.121:59654] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.192.121 (+1 hits since last alert)|roguetechscene.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechscene.com"] [uri "/xmlrpc.php"] [unique_id "akQoG7OShAV_o6MgFpQwhgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
francoisunix
2026-06-30 19:44:05
(1 week ago)
39.35.192.121 - - [30/Jun/2026:19:43:21 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0 ...
show more
39.35.192.121 - - [30/Jun/2026:19:43:21 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0; WordPress/6.2; http://site37708694.com"
39.35.192.121 - - [30/Jun/2026:19:43:31 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)"
39.35.192.121 - - [30/Jun/2026:19:43:41 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
39.35.192.121 - - [30/Jun/2026:19:43:52 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
39.35.192.121 - - [30/Jun/2026:19:44:03 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-30 18:54:36
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.192.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 14:54:31.018759 2026] [security2:error] [pid 2456:tid 2456] [client 39.35.192.121:11671] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.192.121 (+1 hits since last alert)|abundancecompany.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abundancecompany.com"] [uri "/xmlrpc.php"] [unique_id "akQQ5022dKk6ZIIQALFBaQAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack