๐ช๐จ
icp77
2026-07-06 14:39:00
(6 hours ago)
Abuse DDoS
DDoS Attack
Port Scan
Brute-Force
Exploited Host
Web App Attack
SSH
FTP Brute-Force
Hacking
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-06 13:50:43
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co. ...
show more
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 09:50:36.134470 2026] [security2:error] [pid 27551:tid 27551] [client 49.249.180.98:53729] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.249.180.98 (+1 hits since last alert)|tomartsmedia.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomartsmedia.org"] [uri "/xmlrpc.php"] [unique_id "akuyrNEkj8Rv3cKzvbzhPQAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
cwytech
2026-07-06 07:49:08
(13 hours ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 07:22:01
(13 hours ago)
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co. ...
show more
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 03:21:57.087219 2026] [security2:error] [pid 15111:tid 15111] [client 49.249.180.98:61134] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.249.180.98 (+1 hits since last alert)|theopinionatedowl.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theopinionatedowl.com"] [uri "/xmlrpc.php"] [unique_id "aktXlf-XoFj0rHHUv8sZ9wAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-06 06:48:01
(14 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 06:21:09
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co. ...
show more
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 02:21:03.498448 2026] [security2:error] [pid 23603:tid 23603] [client 49.249.180.98:50374] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.249.180.98 (+1 hits since last alert)|solucionesmercadeodigital.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "solucionesmercadeodigital.com"] [uri "/xmlrpc.php"] [unique_id "aktJTw4_XIDnQFWPWowyiwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-06 06:17:31
(14 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ฎ๐น
sssrit
2026-07-06 06:16:54
(14 hours ago)
49.249.180.98 - - [06/Jul/2026:08:16:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 476 "-" "Jetpack/13.0 ...
show more
49.249.180.98 - - [06/Jul/2026:08:16:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 476 "-" "Jetpack/13.0; WordPress/6.3; http://site61424616.com"
49.249.180.98 - - [06/Jul/2026:08:16:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 476 "-" "Jetpack by WordPress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 12:52:01
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co. ...
show more
(mod_security) mod_security (id:240335) triggered by 49.249.180.98 (static-98.180.249.49-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 08:51:53.984039 2026] [security2:error] [pid 22458:tid 22458] [client 49.249.180.98:61647] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.249.180.98 (+1 hits since last alert)|kaylamaclaincounseling.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kaylamaclaincounseling.com"] [uri "/xmlrpc.php"] [unique_id "akkB6Rl-7_pBT9MFDRKk0QAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-04 11:01:09
(2 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐ง๐พ
lns.bz
2026-07-04 06:09:15
(2 days ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-04 05:08:18
(2 days ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
factor1
2026-04-17 13:56:45
(2 months ago)
Fail2ban at saturn Reports Abuse.
Brute-Force
Web App Attack
๐ฉ๐ช
abdubhai
2026-04-17 13:02:03
(2 months ago)
49.249.180.98 - - [17/Apr/2026:1
...
Brute-Force
Anonymous
2026-04-15 09:46:30
(2 months ago)
Fail2ban filtered
...
Web App Attack