๐ณ๐ฑ
Site.eu
2026-07-09 17:20:40
(2 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-09 16:23:05
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum ...
show more
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 12:23:01.585222 2026] [security2:error] [pid 2537:tid 2537] [client 70.125.121.10:53339] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 70.125.121.10 (+1 hits since last alert)|matt-bechtel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "matt-bechtel.com"] [uri "/xmlrpc.php"] [unique_id "ak_K5f6QylJhZPFMEXeXZgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-08 16:08:37
(1 day ago)
[ns41.kdns.gr] httpd-xmlrpc-post: sites=www.medisto.gr; logs=/var/log/httpd/domains/medisto.gr.log; ...
show more
[ns41.kdns.gr] httpd-xmlrpc-post: sites=www.medisto.gr; logs=/var/log/httpd/domains/medisto.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TAY
2026-07-07 20:25:39
(1 day ago)
70.125.121.10 - - [08/Jul/2026:04:25:17 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack/12. ...
show more
70.125.121.10 - - [08/Jul/2026:04:25:17 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack/12.1; WordPress/6.2; http://site51037247.com"
70.125.121.10 - - [08/Jul/2026:04:25:28 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack by WordPress.com"
70.125.121.10 - - [08/Jul/2026:04:25:38 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
๐ช๐ธ
masterguru
2026-07-07 17:52:00
(2 days ago)
(xmlrpc) Failed xmlrpc access from 70.125.121.10 (US/United States/syn-070-125-121-010.biz.spectrum. ...
show more
(xmlrpc) Failed xmlrpc access from 70.125.121.10 (US/United States/syn-070-125-121-010.biz.spectrum.com): 5 in the last 3600 secs (0-122)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-06 22:08:12
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum ...
show more
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 18:08:07.510273 2026] [security2:error] [pid 11110:tid 11110] [client 70.125.121.10:53437] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 70.125.121.10 (+1 hits since last alert)|whodatnation.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whodatnation.com"] [uri "/xmlrpc.php"] [unique_id "akwnR-CStgC0OtZ34VAjHgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-06 21:34:31
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-06 21:04:40
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum ...
show more
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 17:04:33.176270 2026] [security2:error] [pid 25724:tid 25724] [client 70.125.121.10:59165] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 70.125.121.10 (+1 hits since last alert)|circleinthesquare.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "circleinthesquare.org"] [uri "/xmlrpc.php"] [unique_id "akwYYTTjTjTOj947sAo7DgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
akasolutions.de
2026-07-06 21:02:40
(2 days ago)
(wordpress) Failed wordpress login from 70.125.121.10 (US/United States/syn-070-125-121-010.biz.spec ...
show more
(wordpress) Failed wordpress login from 70.125.121.10 (US/United States/syn-070-125-121-010.biz.spectrum.com)
show less
Brute-Force
๐ฆ๐บ
screwlooseit.com.au
2026-07-06 21:02:36
(2 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/syn-070-125-121-010.biz.spectrum.com
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 20:34:06
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum ...
show more
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 16:34:02.078364 2026] [security2:error] [pid 5299:tid 5299] [client 70.125.121.10:59197] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 70.125.121.10 (+1 hits since last alert)|expresstires.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "expresstires.us"] [uri "/xmlrpc.php"] [unique_id "akwROnyVyxrf6J6nFts7IwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 19:30:31
(3 days ago)
70.125.121.10 - - [06/Jul/2026:21:29:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by W ...
show more
70.125.121.10 - - [06/Jul/2026:21:29:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
70.125.121.10 - - [06/Jul/2026:21:29:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
70.125.121.10 - - [06/Jul/2026:21:30:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
70.125.121.10 - - [06/Jul/2026:21:30:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com; https://wordpress.com"
70.125.121.10 - - [06/Jul/2026:21:30:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-07-06 15:44:41
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 21:52:57
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum ...
show more
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 17:52:51.970460 2026] [security2:error] [pid 11907:tid 12012] [client 70.125.121.10:55074] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 70.125.121.10 (+1 hits since last alert)|mysticscon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mysticscon.com"] [uri "/xmlrpc.php"] [unique_id "akbdszhfOYcyDf64XWEcBwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 20:10:18
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum ...
show more
(mod_security) mod_security (id:240335) triggered by 70.125.121.10 (syn-070-125-121-010.biz.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 16:10:10.669837 2026] [security2:error] [pid 12950:tid 12950] [client 70.125.121.10:49648] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 70.125.121.10 (+1 hits since last alert)|nordicbuilders.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nordicbuilders.net"] [uri "/xmlrpc.php"] [unique_id "akbFor5D4RA-IqbYQoI-wgAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack