๐ณ๐ฑ
Site.eu
2026-07-15 15:30:21
(11 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
konseptit
2026-07-15 15:01:25
(12 hours ago)
(wordpress) Failed wordpress login from 41.155.36.6 (GH/Ghana/36-155-41-6-fixedbroadband.vodafone.co ...
show more
(wordpress) Failed wordpress login from 41.155.36.6 (GH/Ghana/36-155-41-6-fixedbroadband.vodafone.com.gh)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-15 13:24:21
(13 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafon ...
show more
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafone.com.gh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 09:24:15.038401 2026] [security2:error] [pid 31303:tid 31303] [client 41.155.36.6:33050] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.155.36.6 (+1 hits since last alert)|kritaka.ai|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kritaka.ai"] [uri "/xmlrpc.php"] [unique_id "aleJ_3UL2piprDhCYWiNUAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-15 12:51:51
(14 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
rh24
2026-07-15 12:51:33
(14 hours ago)
(xmlrpc_405) XMLRPC-Bot 405 41.155.36.6 (GH/Ghana/36-155-41-6-fixedbroadband.vodafone.com.gh)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-15 12:23:46
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafon ...
show more
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafone.com.gh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 08:23:38.555553 2026] [security2:error] [pid 10103:tid 10103] [client 41.155.36.6:31621] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.155.36.6 (+1 hits since last alert)|cosplayculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cosplayculture.com"] [uri "/xmlrpc.php"] [unique_id "ald7yrTkcM6MdBaQRU-i8gAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 10:51:00
(16 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafon ...
show more
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafone.com.gh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:50:55.892784 2026] [security2:error] [pid 1402:tid 1402] [client 41.155.36.6:5643] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.155.36.6 (+1 hits since last alert)|doublenaughtspycar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "doublenaughtspycar.com"] [uri "/xmlrpc.php"] [unique_id "aldmDyBOWvDWfkrcbvfX5AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 10:49:23
(16 hours ago)
[redacted] 41.155.36.6 - - [15/Jul/2026:12:48:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jet ...
show more
[redacted] 41.155.36.6 - - [15/Jul/2026:12:48:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 41.155.36.6 - - [15/Jul/2026:12:48:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 41.155.36.6 - - [15/Jul/2026:12:49:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
[redacted] 41.155.36.6 - - [15/Jul/2026:12:49:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 41.155.36.6 - - [15/Jul/2026:12:49:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐ฉ๐ช
LRob
2026-07-15 10:18:51
(16 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.co ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 09:20:26
(17 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafon ...
show more
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafone.com.gh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 05:20:18.300309 2026] [security2:error] [pid 22599:tid 22599] [client 41.155.36.6:54540] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.155.36.6 (+1 hits since last alert)|nypatriotcards.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nypatriotcards.com"] [uri "/xmlrpc.php"] [unique_id "aldQ0s1MqJ_Rd_8uxOE6-wAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-15 09:01:55
(18 hours ago)
41.155.36.6 - - [15/Jul/2026:11:01:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by Wo ...
show more
41.155.36.6 - - [15/Jul/2026:11:01:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
41.155.36.6 - - [15/Jul/2026:11:01:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "WordPress.com; https://wordpress.com"
41.155.36.6 - - [15/Jul/2026:11:01:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
show less
Hacking
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-15 08:46:32
(18 hours ago)
41.155.36.6 - - [15/Jul/2026:10:46:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack/13.0; ...
show more
41.155.36.6 - - [15/Jul/2026:10:46:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack/13.0; WordPress/6.2; http://site20342946.com"
41.155.36.6 - - [15/Jul/2026:10:46:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "Jetpack by WordPress.com"
41.155.36.6 - - [15/Jul/2026:10:46:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6382 "-" "WordPress.com; https://wordpress.com"
show less
Hacking
Web App Attack
๐ช๐ธ
masterguru
2026-07-14 15:15:54
(1 day ago)
(xmlrpc) Failed xmlrpc access from 41.155.36.6 (GH/Ghana/36-155-41-6-fixedbroadband.vodafone.com.gh) ...
show more
(xmlrpc) Failed xmlrpc access from 41.155.36.6 (GH/Ghana/36-155-41-6-fixedbroadband.vodafone.com.gh): 5 in the last 3600 secs (0-122)
show less
Hacking
๐ฒ๐พ
Rizzy
2026-07-14 15:11:19
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 13:35:25
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafon ...
show more
(mod_security) mod_security (id:240335) triggered by 41.155.36.6 (36-155-41-6-fixedbroadband.vodafone.com.gh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 09:35:17.343327 2026] [security2:error] [pid 16330:tid 16330] [client 41.155.36.6:8756] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.155.36.6 (+1 hits since last alert)|desdier.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desdier.com"] [uri "/xmlrpc.php"] [unique_id "alY7FbCIX6rVidkFyKcpawAAACE"]
show less
Brute-Force
Bad Web Bot
Web App Attack