๐ณ๐ฑ
Site.eu
2026-07-12 14:47:14
(3 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-12 13:15:03
(3 days ago)
[redacted] 81.196.174.238 - - [12/Jul/2026:15:14:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 81.196.174.238 - - [12/Jul/2026:15:14:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 81.196.174.238 - - [12/Jul/2026:15:14:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 81.196.174.238 - - [12/Jul/2026:15:14:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.1; http://site86017368.com"
[redacted] 81.196.174.238 - - [12/Jul/2026:15:14:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site69550738.com"
[redacted] 81.196.174.238 - - [12/Jul/2026:15:15:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐ณ๐ฑ
debestelapp
2026-07-12 12:50:04
(3 days ago)
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-12 10:38:58
(3 days ago)
81.196.174.238 - - [12/Jul/2026:06:36:46 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress. ...
show more
81.196.174.238 - - [12/Jul/2026:06:36:46 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:06:37:19 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:06:37:30 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:06:38:35 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:06:38:57 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 09:35:34
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 05:35:16.754361 2026] [security2:error] [pid 9953:tid 9966] [client 81.196.174.238:54727] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 81.196.174.238 (+1 hits since last alert)|willmanlawfirm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "willmanlawfirm.com"] [uri "/xmlrpc.php"] [unique_id "alNf1FSUQSOZ17_GdgrtlQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-12 09:26:15
(3 days ago)
81.196.174.238 - - [12/Jul/2026:05:24:27 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress. ...
show more
81.196.174.238 - - [12/Jul/2026:05:24:27 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:05:24:38 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:05:24:48 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:05:25:10 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [12/Jul/2026:05:26:15 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5539 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 09:03:02
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 05:02:48.646832 2026] [security2:error] [pid 30057:tid 30057] [client 81.196.174.238:58501] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 81.196.174.238 (+1 hits since last alert)|takeapawsboston.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "takeapawsboston.com"] [uri "/xmlrpc.php"] [unique_id "alNYOJt440n2xnugF6r4UgAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 06:38:00
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 02:37:45.937711 2026] [security2:error] [pid 2713:tid 2713] [client 81.196.174.238:62538] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 81.196.174.238 (+1 hits since last alert)|mobileonlinecasinos.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mobileonlinecasinos.co"] [uri "/xmlrpc.php"] [unique_id "alM2Ob44L5NgJKP3VHD-7gAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 03:20:54
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 23:20:38.298483 2026] [security2:error] [pid 24629:tid 24629] [client 81.196.174.238:52987] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 81.196.174.238 (+1 hits since last alert)|pulleasy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pulleasy.com"] [uri "/xmlrpc.php"] [unique_id "alMIBlnBSyIw4Q-iuUPl6wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-12 01:14:46
(3 days ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-11 18:34:30
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
RO/Romania/-
Web App Attack
๐ช๐ธ
alferez
2026-07-11 17:06:21
(3 days ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 15:34:03
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 81.196.174.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 11:33:49.333460 2026] [security2:error] [pid 12950:tid 12950] [client 81.196.174.238:56382] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 81.196.174.238 (+1 hits since last alert)|concentricsteel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "concentricsteel.com"] [uri "/xmlrpc.php"] [unique_id "alJiXREYPdzXpSTsdYRExwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-11 15:30:28
(4 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-11 07:55:20
(4 days ago)
81.196.174.238 - - [11/Jul/2026:03:53:33 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5164 "-" "WordPress. ...
show more
81.196.174.238 - - [11/Jul/2026:03:53:33 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5164 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [11/Jul/2026:03:53:55 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [11/Jul/2026:03:54:37 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5196 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [11/Jul/2026:03:54:58 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5196 "-" "WordPress.com; https://wordpress.com"
81.196.174.238 - - [11/Jul/2026:03:55:20 -0400] "POST /xmlrpc.php HTTP/1.1" 200 5180 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack