๐ซ๐ท
dynamix
2026-07-03 16:42:50
(1 hour ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
Teufel100
2026-07-03 15:39:14
(2 hours ago)
Brutforceangriff auf /xmlrpc.php
Brute-Force
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 04:04:29
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 49.37.134.94 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.37.134.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 00:04:13.178212 2026] [security2:error] [pid 7744:tid 7744] [client 49.37.134.94:55410] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.37.134.94 (+1 hits since last alert)|themadwriter.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "themadwriter.us"] [uri "/xmlrpc.php"] [unique_id "ajDLPXGmwFpl_6OyFV7g1gAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-06-13 09:09:01
(2 weeks ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 07:12:55
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 49.37.134.94 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.37.134.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 03:12:46.595319 2026] [security2:error] [pid 28295:tid 28295] [client 49.37.134.94:51978] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.37.134.94 (+1 hits since last alert)|michelehoop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michelehoop.com"] [uri "/xmlrpc.php"] [unique_id "ai0C7u321QvCJCVsV9wGwAAAACo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-13 05:13:10
(2 weeks ago)
Attac
Brute-Force
๐บ๐ธ
cwytech
2026-06-13 04:04:57
(2 weeks ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wordpress-geofence-sus.
Bad Web Bot
Web App Attack
๐จ๐ฟ
antihack.anarchista.xyz
2026-06-08 15:47:12
(3 weeks ago)
Brute-force login: 5 fails in 10 min, last user "admin", URI /xmlrpc.php, UA Jetpack by WordPress.co ...
show more
Brute-force login: 5 fails in 10 min, last user "admin", URI /xmlrpc.php, UA Jetpack by WordPress.com
show less
Brute-Force
Web App Attack
Bad Web Bot
Anonymous
2025-08-11 10:16:30
(10 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-08-09 20:28:06
(10 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
Jason Howell
2025-08-07 15:53:23
(10 months ago)
49.37.134.94 - - [07/Aug/2025:09:55:06 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Mozilla/5.0 ...
show more
49.37.134.94 - - [07/Aug/2025:09:55:06 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
49.37.134.94 - - [07/Aug/2025:09:56:53 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3218 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36"
49.37.134.94 - - [07/Aug/2025:10:50:33 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
49.37.134.94 - - [07/Aug/2025:10:51:58 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Mozilla/5.0 (Linux; Android 10; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
49.37.134.94 - - [07/Aug/2025:10:53:22 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3218 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.0.0 Safari/537.36"
...
show less
Web App Attack
Anonymous
2025-08-01 08:51:41
(11 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH