๐บ๐ธ
TPI-Abuse
2026-07-14 00:33:14
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 20:33:10.087038 2026] [security2:error] [pid 23138:tid 23163] [client 39.35.219.4:49176] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.219.4 (+1 hits since last alert)|maryschalkdesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "maryschalkdesign.com"] [uri "/xmlrpc.php"] [unique_id "alWDxg4KGeGTM1Kd9o0NiQAAAJc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-14 00:31:15
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
IndigoRidge
2026-07-14 00:11:34
(1 day ago)
39.35.219.4 - - [13/Jul/2026:20:09:45 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com ...
show more
39.35.219.4 - - [13/Jul/2026:20:09:45 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com; https://wordpress.com"
39.35.219.4 - - [13/Jul/2026:20:10:17 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5196 "-" "WordPress.com; https://wordpress.com"
39.35.219.4 - - [13/Jul/2026:20:11:11 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com; https://wordpress.com"
39.35.219.4 - - [13/Jul/2026:20:11:22 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com; https://wordpress.com"
39.35.219.4 - - [13/Jul/2026:20:11:33 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
Anonymous
2026-07-13 23:36:44
(1 day ago)
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 23:30:22
(1 day ago)
(wordpress) Failed wordpress login from 39.35.219.4 (PK/Pakistan/-)
Brute-Force
๐ง๐พ
lns.bz
2026-07-13 23:29:25
(1 day ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 22:00:23
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 18:00:17.480862 2026] [security2:error] [pid 28696:tid 28696] [client 39.35.219.4:51845] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.219.4 (+1 hits since last alert)|primacomm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "primacomm.com"] [uri "/xmlrpc.php"] [unique_id "alVf8fI0ZCvchvc-lGptawAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 21:17:38
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 17:17:32.387788 2026] [security2:error] [pid 25103:tid 25103] [client 39.35.219.4:64633] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.219.4 (+1 hits since last alert)|qed-consulting.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "qed-consulting.co"] [uri "/xmlrpc.php"] [unique_id "alVV7PwwU06ZyszdgQe7dQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 20:07:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 16:07:24.157590 2026] [security2:error] [pid 10328:tid 10328] [client 39.35.219.4:55731] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.219.4 (+1 hits since last alert)|ralphharris.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ralphharris.org"] [uri "/xmlrpc.php"] [unique_id "alVFfMsHSXGrQ8WbiI1sfwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 19:45:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:45:50.835683 2026] [security2:error] [pid 15904:tid 15904] [client 39.35.219.4:50815] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.219.4 (+1 hits since last alert)|hotelkona.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hotelkona.com"] [uri "/xmlrpc.php"] [unique_id "alVAbguOjSR_1d0ncfj1bAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-13 19:05:10
(1 day ago)
7.303 post requests in 1 hour (1w5d5h)
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-13 18:41:59
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 39.35.219.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 14:41:55.850651 2026] [security2:error] [pid 16959:tid 16959] [client 39.35.219.4:54712] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 39.35.219.4 (+1 hits since last alert)|broneksuchanek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "broneksuchanek.com"] [uri "/xmlrpc.php"] [unique_id "alUxc1YGUDOkogBs3OvlAwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-13 18:30:48
(1 day ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐ฉ๐ช
ghostwarriors
2026-07-13 17:50:37
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 17:38:26
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack