๐ฉ๐ช
AbuseBaer
2026-07-08 14:30:43
(3 days ago)
access attempt detected by IDS script (B)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 11:56:00
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.co ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 07:55:51.971962 2026] [security2:error] [pid 454:tid 454] [client 49.48.55.252:63438] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|citrineartstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "citrineartstudio.com"] [uri "/xmlrpc.php"] [unique_id "akzpRx-JyNakmWNs6mEArAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 08:11:52
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 04:11:45.502150 2026] [security2:error] [pid 1093:tid 1093] [client 49.48.55.252:57370] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|gaeltv.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gaeltv.com"] [uri "/xmlrpc.php"] [unique_id "aky0wYYqLhQ1R5j3ytqjSwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 06:08:40
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 02:08:34.857705 2026] [security2:error] [pid 1896:tid 1896] [client 49.48.55.252:53306] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|theyoungstrategist.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theyoungstrategist.com"] [uri "/xmlrpc.php"] [unique_id "akyX4vjcj7ic7g0lGJYaNgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-07 05:03:53
(5 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-06 17:06:28
(5 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)","Jetpack by WordPress.com
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 11:51:49
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 07:51:44.397577 2026] [security2:error] [pid 2159:tid 2159] [client 49.48.55.252:58035] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|broneksuchanek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "broneksuchanek.com"] [uri "/xmlrpc.php"] [unique_id "akpFUHQKlQuZjDgSCoinVgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-05 06:30:41
(1 week ago)
(wordpress) Failed wordpress login from 49.48.55.252 (TH/Thailand/mx-ll-49.48.55-252.dynamic.3bb.co. ...
show more
(wordpress) Failed wordpress login from 49.48.55.252 (TH/Thailand/mx-ll-49.48.55-252.dynamic.3bb.co.th)
show less
Brute-Force
๐บ๐ธ
cwytech
2026-07-04 08:37:56
(1 week ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wordpress-xmlrpc-bf-high.
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-03 13:01:03
(1 week ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-03 07:37:05
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 03:36:58.150241 2026] [security2:error] [pid 11702:tid 11702] [client 49.48.55.252:57121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|fractalsky.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fractalsky.com"] [uri "/xmlrpc.php"] [unique_id "akdmmvsNJKFXvzuBcAHuwgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Jason Howell
2026-07-02 16:52:10
(1 week ago)
49.48.55.252 - - [02/Jul/2026:11:43:39 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4738 "-" "WordPress.co ...
show more
49.48.55.252 - - [02/Jul/2026:11:43:39 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4738 "-" "WordPress.com; https://wordpress.com"
49.48.55.252 - - [02/Jul/2026:11:45:47 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4737 "-" "Jetpack/13.0; WordPress/6.1; http://site42687184.com"
49.48.55.252 - - [02/Jul/2026:11:47:55 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4737 "-" "WordPress.com; https://wordpress.com"
49.48.55.252 - - [02/Jul/2026:11:50:02 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4737 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
49.48.55.252 - - [02/Jul/2026:11:52:10 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4738 "-" "Jetpack by WordPress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 12:52:35
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.co ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 08:52:29.516987 2026] [security2:error] [pid 6545:tid 6545] [client 49.48.55.252:50562] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|jellisonrepair.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jellisonrepair.com"] [uri "/xmlrpc.php"] [unique_id "akZfDTKbeVLd2UM6bTSbsAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
rh24
2026-07-02 12:51:48
(1 week ago)
(wordpress) Failed wordpress login from 49.48.55.252 (TH/Thailand/mx-ll-49.48.55-252.dynamic.3bb.in. ...
show more
(wordpress) Failed wordpress login from 49.48.55.252 (TH/Thailand/mx-ll-49.48.55-252.dynamic.3bb.in.th): (CF_ENABLE)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-02 08:24:52
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.co ...
show more
(mod_security) mod_security (id:240335) triggered by 49.48.55.252 (mx-ll-49.48.55-252.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 04:24:44.561091 2026] [security2:error] [pid 2090:tid 2090] [client 49.48.55.252:60983] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.48.55.252 (+1 hits since last alert)|pakistanvision.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pakistanvision.com"] [uri "/xmlrpc.php"] [unique_id "akYgTLqhAgY7W6Xquv9fFQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack