๐ฎ๐น
CoreTech srl
2026-07-14 21:08:57
(2 hours ago)
cloudlinux2 fail2ban: 2026-07-14 23:04:17,801 fail2ban.filter [1878]: INFO [plesk-modsecu ...
show more
cloudlinux2 fail2ban: 2026-07-14 23:04:17,801 fail2ban.filter [1878]: INFO [plesk-modsecurity] Found 5.107.218.187 - 2026-07-14 23:04:17cloudlinux2 fail2ban: 2026-07-14 23:04:50,181 fail2ban.actions [1878]: NOTICE [plesk-modsecurity] Ban 5.107.218.187cloudlinux2 fail2ban: 2026-07-14 23:04:49,952 fail2ban.filter [1878]: INFO [plesk-modsecurity] Found 5.107.218.187 - 2026-07-14 23:04:49cloudlinux2 fail2ban: 2026-07-14 23:04:50,187 fail2ban.filter [1878]: INFO [recidive] Found 5.107.218.187 - 2026-07-14 23:04:50cloudlinux2 fail2ban: 2026-07-14 23:05:58,846 fail2ban.filter [1878]: INFO [plesk-modsecurity] Found 202.111.100.187 - 2026-07-14 23:05:58cloudlinux2 fail2ban: 2026-07-14 23:06:05,238 fail2ban.filter [1878]: INFO [plesk-modsecurity] Found 41.210.154.94 - 2026-07-14 23:06:05cloudlinux2 fail2ban: 2026-07-14 23:06:31,733 fail2ban.filter [1878]: INFO [plesk-modsecurity] Found 122.97.136.75 - 2026-07-14 23:06:31cloudlinux2 fail2ban: 2026
show less
Brute-Force
๐ฆ๐บ
QT
2026-07-14 19:20:34
(4 hours ago)
Unauthorised WordPress admin login attempted at 2026-07-15 05:20:33 +1000
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 18:21:46
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in th ...
show more
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 14:21:42.109068 2026] [security2:error] [pid 30802:tid 30802] [client 41.210.154.94:13355] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.210.154.94 (+1 hits since last alert)|intothebigempty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "intothebigempty.com"] [uri "/xmlrpc.php"] [unique_id "alZ-NoaXBvsrW2P1xhjNbgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-14 17:30:52
(5 hours ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
Jason Howell
2026-07-14 16:47:19
(6 hours ago)
41.210.154.94 - - [14/Jul/2026:11:46:36 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4595 "-" "Jetpack/12. ...
show more
41.210.154.94 - - [14/Jul/2026:11:46:36 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4595 "-" "Jetpack/12.5; WordPress/6.4; http://site97140303.com"
41.210.154.94 - - [14/Jul/2026:11:46:46 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4593 "-" "Jetpack/13.0; WordPress/6.1; http://site54373836.com"
41.210.154.94 - - [14/Jul/2026:11:46:57 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4593 "-" "Jetpack/13.0; WordPress/6.1; http://site28342806.com"
41.210.154.94 - - [14/Jul/2026:11:47:07 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4593 "-" "Jetpack/13.0; WordPress/6.2; http://site36803586.com"
41.210.154.94 - - [14/Jul/2026:11:47:18 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4594 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 16:18:01
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in th ...
show more
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 12:17:57.604545 2026] [security2:error] [pid 13375:tid 13390] [client 41.210.154.94:7087] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.210.154.94 (+1 hits since last alert)|sparkhypnotherapy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sparkhypnotherapy.com"] [uri "/xmlrpc.php"] [unique_id "alZhNWuWleARDVndth-fLAAAAE0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 15:48:04
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in th ...
show more
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:47:58.736276 2026] [security2:error] [pid 20744:tid 20744] [client 41.210.154.94:26665] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.210.154.94 (+1 hits since last alert)|londongroup.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "londongroup.info"] [uri "/xmlrpc.php"] [unique_id "alZaLusUJyZ8IbjurUAY5AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-14 07:46:00
(15 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-13 22:12:16
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ช๐ธ
masterguru
2026-07-13 21:44:30
(1 day ago)
(xmlrpc) Failed xmlrpc access from 41.210.154.94 (UG/Uganda/h1a5e.n1.ips.mtn.co.ug): 5 in the last 3 ...
show more
(xmlrpc) Failed xmlrpc access from 41.210.154.94 (UG/Uganda/h1a5e.n1.ips.mtn.co.ug): 5 in the last 3600 secs (0-122)
show less
Hacking
๐ซ๐ท
dynamix
2026-07-13 21:42:33
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
Lunix
2026-07-13 08:53:22
(1 day ago)
Brute-Force
Web App Attack
๐บ๐ธ
WeekendWeb
2026-07-13 08:12:38
(1 day ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 07:13:48
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in th ...
show more
(mod_security) mod_security (id:240335) triggered by 41.210.154.94 (h1a5e.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:13:41.745111 2026] [security2:error] [pid 8717:tid 8735] [client 41.210.154.94:22107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.210.154.94 (+1 hits since last alert)|coloradomountain.homes|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coloradomountain.homes"] [uri "/xmlrpc.php"] [unique_id "alSQJejOPEEwIWyaAyUThwAAAIY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-13 06:41:24
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack