๐บ๐ธ
TPI-Abuse
2026-07-16 12:13:18
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 08:13:04.466079 2026] [security2:error] [pid 14534:tid 14534] [client 49.43.242.11:60266] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|brianwhitty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brianwhitty.com"] [uri "/xmlrpc.php"] [unique_id "aljK0G_WmVHIIMLfqzNoTQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 11:40:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 07:40:44.070349 2026] [security2:error] [pid 14105:tid 14105] [client 49.43.242.11:51567] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|lakependoreillemobility.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lakependoreillemobility.com"] [uri "/xmlrpc.php"] [unique_id "aljDPLpRDeJYrKIfQvhWBwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:38:41
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:38:30.556762 2026] [security2:error] [pid 20585:tid 20585] [client 49.43.242.11:54927] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|ftiptondds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ftiptondds.com"] [uri "/xmlrpc.php"] [unique_id "ali0psoXuLP2Vs8b1NztJAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-13 12:56:50
(4 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-13 11:28:23
(4 days ago)
49.43.242.11 - - [13/Jul/2026:07:26:38 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.co ...
show more
49.43.242.11 - - [13/Jul/2026:07:26:38 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
49.43.242.11 - - [13/Jul/2026:07:26:59 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
49.43.242.11 - - [13/Jul/2026:07:27:09 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
49.43.242.11 - - [13/Jul/2026:07:27:41 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
49.43.242.11 - - [13/Jul/2026:07:28:23 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 11:28:03
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 07:27:52.531201 2026] [security2:error] [pid 1548763:tid 1548763] [client 49.43.242.11:55794] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|technesa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "technesa.com"] [uri "/xmlrpc.php"] [unique_id "alTLuNIK0xK2X6OpPOH9YgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-08 10:57:05
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-06 12:30:29
(1 week ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 12:01:58
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 08:01:44.599754 2026] [security2:error] [pid 1803:tid 1803] [client 49.43.242.11:55045] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|drgtek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drgtek.com"] [uri "/xmlrpc.php"] [unique_id "akuZKCiedKOpowjXFoY1DAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-06 11:29:25
(1 week ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
Jason Howell
2026-07-06 10:40:52
(1 week ago)
49.43.242.11 - - [06/Jul/2026:05:28:38 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "Jetpack by W ...
show more
49.43.242.11 - - [06/Jul/2026:05:28:38 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
49.43.242.11 - - [06/Jul/2026:05:30:47 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4740 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
49.43.242.11 - - [06/Jul/2026:05:36:36 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
49.43.242.11 - - [06/Jul/2026:05:38:44 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "Jetpack by WordPress.com"
49.43.242.11 - - [06/Jul/2026:05:40:52 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4738 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
...
show less
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-06 10:29:23
(1 week ago)
(wordpress) Failed wordpress login from 49.43.242.11 (IN/India/-)
Brute-Force
๐บ๐ธ
TAY
2026-06-29 12:37:28
(2 weeks ago)
49.43.242.11 - - [29/Jun/2026:20:37:07 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5918 "-" "Jetpack by W ...
show more
49.43.242.11 - - [29/Jun/2026:20:37:07 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5918 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)"
49.43.242.11 - - [29/Jun/2026:20:37:17 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5918 "-" "WordPress.com; https://wordpress.com"
49.43.242.11 - - [29/Jun/2026:20:37:27 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5918 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-25 12:40:23
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 08:40:10.050764 2026] [security2:error] [pid 20757:tid 20757] [client 49.43.242.11:60795] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|kbalan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kbalan.com"] [uri "/xmlrpc.php"] [unique_id "aj0hqs796frSrMKIsqo0gAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 11:40:19
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 49.43.242.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 07:40:08.051026 2026] [security2:error] [pid 16278:tid 16278] [client 49.43.242.11:63010] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.43.242.11 (+1 hits since last alert)|fgrotary.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fgrotary.org"] [uri "/xmlrpc.php"] [unique_id "ajkfGGAmt0HuHTaMpWP9xgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack