๐ซ๐ท
sasbau
2026-07-10 20:25:19
(1 day ago)
80.5.128.59 - - [10/Jul/2026:22:24:58 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack by Wor ...
show more
80.5.128.59 - - [10/Jul/2026:22:24:58 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack by WordPress.com"
80.5.128.59 - - [10/Jul/2026:22:25:08 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack/12.1; WordPress/6.1; http://site71976735.com"
80.5.128.59 - - [10/Jul/2026:22:25:19 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "WordPress.com; https://wordpress.com"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 20:06:04
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 16:05:56.471249 2026] [security2:error] [pid 5905:tid 5905] [client 80.5.128.59:53654] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|egelfitness.nl|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "egelfitness.nl"] [uri "/xmlrpc.php"] [unique_id "alFQpMzlqF_xqlZNY-u1xgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-10 19:31:45
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
GB/United Kingdom/brnt-01-b2-v4wan-168326-cust58.vm7.cable ...
show more
Blocked by CSF 13 firewall - Rule: XMLRPC
GB/United Kingdom/brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 19:22:44
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 15:22:39.172509 2026] [security2:error] [pid 20842:tid 20842] [client 80.5.128.59:49732] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|visionremota.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "visionremota.info"] [uri "/xmlrpc.php"] [unique_id "alFGfziqfBuHlsSGrEyX7QAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 19:23:15
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 15:23:07.063929 2026] [security2:error] [pid 19618:tid 19618] [client 80.5.128.59:57646] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|enjoymycondos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "enjoymycondos.com"] [uri "/xmlrpc.php"] [unique_id "akQXm3M8XWOUrU_UXY4esQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-30 15:35:33
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
GB/United Kingdom/brnt-01-b2-v4wan-168326-cust58.vm7.cable ...
show more
Blocked by CSF 13 firewall - Rule: XMLRPC
GB/United Kingdom/brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 19:58:52
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 15:58:47.545841 2026] [security2:error] [pid 19593:tid 19593] [client 80.5.128.59:53845] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|starvationacres.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "starvationacres.us"] [uri "/xmlrpc.php"] [unique_id "akLOd0Pzje7CDny0dJygkQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
DocNetzwerk
2026-06-14 23:19:52
(3 weeks ago)
(wordpress) Failed wordpress login from 80.5.128.59 (GB/United Kingdom/brnt-01-b2-v4wan-168326-cust5 ...
show more
(wordpress) Failed wordpress login from 80.5.128.59 (GB/United Kingdom/brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net)
show less
Brute-Force
๐ธ๐ช
vaia.cloud
2026-06-14 22:43:05
(3 weeks ago)
trying wp-login.php/xmlrpc.php 33 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
cwytech
2026-06-02 07:25:52
(1 month ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
Dolphi
2026-05-31 16:20:03
(1 month ago)
Excessive POST /xmlrpc.php requests
Brute-Force
Web App Attack
Anonymous
2026-05-31 10:20:11
(1 month ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-05-31 08:37:54
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 04:37:48.646383 2026] [security2:error] [pid 17108:tid 17108] [client 80.5.128.59:49891] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|internetnameregistration.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "internetnameregistration.com"] [uri "/xmlrpc.php"] [unique_id "ahvzXNCyc_iFFEJbt43RHwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-31 08:10:11
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 04:10:06.547739 2026] [security2:error] [pid 29345:tid 29345] [client 80.5.128.59:56684] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|matt-bechtel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "matt-bechtel.com"] [uri "/xmlrpc.php"] [unique_id "ahvs3sR9ZF75zLTZ6V5SagAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-31 06:35:59
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7 ...
show more
(mod_security) mod_security (id:240335) triggered by 80.5.128.59 (brnt-01-b2-v4wan-168326-cust58.vm7.cable.virginm.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:35:53.234009 2026] [security2:error] [pid 5335:tid 5335] [client 80.5.128.59:60295] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 80.5.128.59 (+1 hits since last alert)|latentpixel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "latentpixel.com"] [uri "/xmlrpc.php"] [unique_id "ahvWySAS4hpKkylYiiqsaQAAADk"]
show less
Brute-Force
Bad Web Bot
Web App Attack