Anonymous
2026-07-15 23:00:07
(11 hours ago)
[redacted] 79.116.30.148 - - [16/Jul/2026:00:59:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ...
show more
[redacted] 79.116.30.148 - - [16/Jul/2026:00:59:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 79.116.30.148 - - [16/Jul/2026:00:59:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
[redacted] 79.116.30.148 - - [16/Jul/2026:00:59:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 79.116.30.148 - - [16/Jul/2026:00:59:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 79.116.30.148 - - [16/Jul/2026:01:00:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-15 22:31:11
(12 hours ago)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 14:55:57
(19 hours ago)
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 10:55:51.489387 2026] [security2:error] [pid 29400:tid 29400] [client 79.116.30.148:49337] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 79.116.30.148 (+1 hits since last alert)|firstunitedreserve.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "firstunitedreserve.com"] [uri "/xmlrpc.php"] [unique_id "alefd6qgpWgphWkyhUikAQAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 10:58:14
(23 hours ago)
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:58:08.362558 2026] [security2:error] [pid 4812:tid 4812] [client 79.116.30.148:51850] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 79.116.30.148 (+1 hits since last alert)|lspfest.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lspfest.com"] [uri "/xmlrpc.php"] [unique_id "aldnwO9dqaGEgrgzR_jsowAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-15 05:50:45
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 05:34:19
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-15 04:25:08
(1 day ago)
(wordpress) Failed wordpress login from 79.116.30.148 (ES/Spain/79-116-30-148.digimobil.es)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-15 03:37:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 23:37:19.044520 2026] [security2:error] [pid 15094:tid 15094] [client 79.116.30.148:49227] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 79.116.30.148 (+1 hits since last alert)|thepercussionworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thepercussionworks.com"] [uri "/xmlrpc.php"] [unique_id "alcAb1b58AoYm6Jg05uUzgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-15 02:33:26
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 01:04:05
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 21:04:01.493669 2026] [security2:error] [pid 23861:tid 23861] [client 79.116.30.148:58674] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 79.116.30.148 (+1 hits since last alert)|barigby.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "barigby.com"] [uri "/xmlrpc.php"] [unique_id "albcgcj5qd5zoPhCeolSjQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-14 22:30:35
(1 day ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-14 22:29:53
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 79.116.30.148 (79-116-30-148.digimobil.es): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 18:29:47.141194 2026] [security2:error] [pid 12976:tid 12976] [client 79.116.30.148:59362] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 79.116.30.148 (+1 hits since last alert)|modalsoftware.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "modalsoftware.com"] [uri "/xmlrpc.php"] [unique_id "ala4W1weLTsNlgWKY1AxGQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-14 19:06:07
(1 day ago)
79.116.30.148 - - [14/Jul/2026:21:05:46 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.5 ...
show more
79.116.30.148 - - [14/Jul/2026:21:05:46 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.5; WordPress/6.4; http://site56837893.com"
79.116.30.148 - - [14/Jul/2026:21:05:56 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
79.116.30.148 - - [14/Jul/2026:21:06:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
show less
Hacking
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-14 18:50:43
(1 day ago)
79.116.30.148 - - [14/Jul/2026:20:50:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by W ...
show more
79.116.30.148 - - [14/Jul/2026:20:50:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com"
79.116.30.148 - - [14/Jul/2026:20:50:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.1; WordPress/6.2; http://site33039816.com"
79.116.30.148 - - [14/Jul/2026:20:50:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
show less
Hacking
Web App Attack