Anonymous
2026-07-15 06:44:19
(8 hours ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
π©πͺ
ghostwarriors
2026-07-14 22:51:41
(16 hours ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-07-14 04:12:51
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-14 03:10:04
(1 day ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-14 02:42:44
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 22:42:40.184988 2026] [security2:error] [pid 4085:tid 4085] [client 41.90.141.82:3505] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.90.141.82 (+1 hits since last alert)|greensandbeans.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "greensandbeans.us"] [uri "/xmlrpc.php"] [unique_id "alWiIPSBUGMkX_u3yVLjFQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
konseptit
2026-07-14 01:07:51
(1 day ago)
(wordpress) Failed wordpress login from 41.90.141.82 (KE/Kenya/-)
Brute-Force
π©πͺ
akasolutions.de
2026-07-13 14:27:57
(2 days ago)
(wordpress) Failed wordpress login from 41.90.141.82 (KE/Kenya/-)
Brute-Force
π¦πΊ
screwlooseit.com.au
2026-07-13 09:20:08
(2 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
KE/Kenya/-
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-13 01:59:24
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 21:59:16.579845 2026] [security2:error] [pid 20382:tid 20382] [client 41.90.141.82:2118] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.90.141.82 (+1 hits since last alert)|tomkatkaraoke.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomkatkaraoke.com"] [uri "/xmlrpc.php"] [unique_id "alRGdE_d16-xHrmffnHddQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
cmbplf
2026-07-12 23:41:31
(2 days ago)
4.333 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-07-12 22:51:41
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 18:51:35.193276 2026] [security2:error] [pid 11528:tid 11528] [client 41.90.141.82:6059] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.90.141.82 (+1 hits since last alert)|sfgardening.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sfgardening.com"] [uri "/xmlrpc.php"] [unique_id "alQad9gPBXMSDjnKc92sgwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-07-12 21:11:19
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2026-07-12 18:38:58
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 14:38:52.385600 2026] [security2:error] [pid 9185:tid 9185] [client 41.90.141.82:1378] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.90.141.82 (+1 hits since last alert)|brainstormer.soy|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brainstormer.soy"] [uri "/xmlrpc.php"] [unique_id "alPfPGCE5BKUewZRHauWnwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-12 17:41:45
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 13:41:40.850149 2026] [security2:error] [pid 26668:tid 26668] [client 41.90.141.82:6927] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||desarrollosdecolima.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "desarrollosdecolima.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alPR1GNdjsoRNOHXWWaJiQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-12 16:13:30
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 41.90.141.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 12:13:24.738898 2026] [security2:error] [pid 14863:tid 14885] [client 41.90.141.82:9166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.90.141.82 (+1 hits since last alert)|planmytrust.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "planmytrust.com"] [uri "/xmlrpc.php"] [unique_id "alO9JFQ471nvGmQ2BUq9DAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack