π«π·
SpaceHost-Server
2026-07-07 22:34:47
(1 day ago)
Brute-Force
Web App Attack
π«π·
francoisunix
2026-07-07 21:04:09
(2 days ago)
49.148.49.158 - - [07/Jul/2026:21:03:24 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by W ...
show more
49.148.49.158 - - [07/Jul/2026:21:03:24 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
49.148.49.158 - - [07/Jul/2026:21:03:34 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/13.0; WordPress/6.4; http://site69273888.com"
49.148.49.158 - - [07/Jul/2026:21:03:45 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
49.148.49.158 - - [07/Jul/2026:21:03:56 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
49.148.49.158 - - [07/Jul/2026:21:04:07 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/13.0; WordPress/6.4; http://site26560054.com"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-07 18:32:29
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 14:32:23.621414 2026] [security2:error] [pid 6560:tid 6560] [client 49.148.49.158:63415] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|lusineweb.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lusineweb.com"] [uri "/xmlrpc.php"] [unique_id "ak1GN4mLXLrRYnzNfzmnkAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2026-07-07 14:22:39
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 20:40:59
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 16:40:51.809342 2026] [security2:error] [pid 4883:tid 4897] [client 49.148.49.158:52042] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|georgementz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "georgementz.org"] [uri "/xmlrpc.php"] [unique_id "akwS0xpK1bKXeb3NmouwRwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 20:12:17
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 16:12:11.927962 2026] [security2:error] [pid 13327:tid 13327] [client 49.148.49.158:54500] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|opticasprisma.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "opticasprisma.com"] [uri "/xmlrpc.php"] [unique_id "akwMG53r4dxfjVYWjGJnEQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
screwlooseit.com.au
2026-07-03 17:01:38
(6 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/dsl.49.148.49.158.pldt.net
Web App Attack
π²πΎ
Rizzy
2026-07-02 19:57:03
(1 week ago)
Multiple WAF Violations
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 19:00:49
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 15:00:41.849257 2026] [security2:error] [pid 32573:tid 32573] [client 49.148.49.158:61571] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|yanlidesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yanlidesign.com"] [uri "/xmlrpc.php"] [unique_id "aka1WY5QQ71Y7x4dI9fajQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-02 17:56:56
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 13:56:49.913603 2026] [security2:error] [pid 28461:tid 28475] [client 49.148.49.158:35173] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|northtexaslive.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "northtexaslive.com"] [uri "/xmlrpc.php"] [unique_id "akamYegeXwvP-kOwcQ--5wAAAQw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
Site.eu
2026-07-01 17:16:22
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2026-06-30 13:02:31
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 09:02:25.768403 2026] [security2:error] [pid 11538:tid 11538] [client 49.148.49.158:11417] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|maffiniandbearce.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "maffiniandbearce.com"] [uri "/xmlrpc.php"] [unique_id "akO-YfqBrzQdEJj7X2aYXwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
applemooz
2026-06-29 21:09:40
(1 week ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-29 13:55:31
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 49.148.49.158 (dsl.49.148.49.158.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:55:22.995659 2026] [security2:error] [pid 19055:tid 19055] [client 49.148.49.158:59232] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.148.49.158 (+1 hits since last alert)|edmestonfd.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edmestonfd.com"] [uri "/xmlrpc.php"] [unique_id "akJ5SpC9v5LlI4K-FpMXfQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 12:03:11
(1 week ago)
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show more
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-skip.asp
show less
Exploited Host
Bad Web Bot