๐ซ๐ท
dynamix
2026-07-06 07:18:46
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 18:28:59
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 14:28:51.703940 2026] [security2:error] [pid 27518:tid 27518] [client 66.115.106.159:49825] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|mortuarymessageservices.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mortuarymessageservices.com"] [uri "/xmlrpc.php"] [unique_id "akf_Y_ZzZC48QXT3tlHpcAAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-02 08:09:32
(5 days ago)
66.115.106.159 - - [02/Jul/2026:10:09:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
...
Brute-Force
Bad Web Bot
Anonymous
2026-07-02 07:27:35
(5 days ago)
66.115.106.159 - - [02/Jul/2026:09:27:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
66.115.106.159 - ...
show more
66.115.106.159 - - [02/Jul/2026:09:27:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
66.115.106.159 - - [02/Jul/2026:09:27:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418
...
show less
Brute-Force
Bad Web Bot
Anonymous
2026-07-01 21:00:10
(6 days ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-01 20:59:23
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 16:59:20.574380 2026] [security2:error] [pid 19599:tid 19599] [client 66.115.106.159:64855] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|stacyfarm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stacyfarm.com"] [uri "/xmlrpc.php"] [unique_id "akV_qG-d766HnbHxRKSh1QAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 20:31:53
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 16:31:49.816752 2026] [security2:error] [pid 6959:tid 6959] [client 66.115.106.159:54241] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|lysedzija.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lysedzija.com"] [uri "/xmlrpc.php"] [unique_id "akV5NW9IeaUwFfKKN5q1uQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-01 09:01:44
(6 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-30 19:25:30
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 15:25:25.283843 2026] [security2:error] [pid 10628:tid 10628] [client 66.115.106.159:57506] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|forefrontmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "forefrontmusic.com"] [uri "/xmlrpc.php"] [unique_id "akQYJQmM3DIj1WYyCqC26wAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 10:39:47
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:39:41.130509 2026] [security2:error] [pid 28428:tid 28428] [client 66.115.106.159:52478] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|ospectra.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ospectra.com"] [uri "/xmlrpc.php"] [unique_id "akOc7fAry_9bil8iTd8-CgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 04:39:43
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 00:39:35.387204 2026] [security2:error] [pid 20031:tid 20031] [client 66.115.106.159:61024] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|desertalfas.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desertalfas.org"] [uri "/xmlrpc.php"] [unique_id "akH3B0W0G7pkPBC-qb3C6wAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-06-27 02:30:35
(1 week ago)
4.317 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐ณ๐ฑ
Site.eu
2026-06-27 01:49:21
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
WeekendWeb
2026-06-26 01:06:05
(1 week ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 19:38:13
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadba ...
show more
(mod_security) mod_security (id:240335) triggered by 66.115.106.159 (host-66-115-106-159.vyvebroadband.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 15:38:08.421908 2026] [security2:error] [pid 10895:tid 10895] [client 66.115.106.159:53670] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 66.115.106.159 (+1 hits since last alert)|nextstepplus.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nextstepplus.net"] [uri "/xmlrpc.php"] [unique_id "aj2DoLvCb8iKBPl752HvUAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack