๐ซ๐ท
dynamix
2026-07-07 10:11:00
(22 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 01:25:30
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 21:25:27.084224 2026] [security2:error] [pid 21402:tid 21402] [client 85.209.132.62:55234] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 85.209.132.62 (+1 hits since last alert)|climasyequipos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "climasyequipos.com"] [uri "/xmlrpc.php"] [unique_id "akmyh3VmEGuf9m8omLw-wgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-05 01:23:54
(3 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-04 23:53:03
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 19:52:58.199394 2026] [security2:error] [pid 26445:tid 26445] [client 85.209.132.62:51216] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 85.209.132.62 (+1 hits since last alert)|495metro.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "495metro.com"] [uri "/xmlrpc.php"] [unique_id "akmc2i5GOQww9vXfjXkAzAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-04 22:50:17
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 21:51:52
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 17:51:48.474109 2026] [security2:error] [pid 10942:tid 10942] [client 85.209.132.62:53587] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 85.209.132.62 (+1 hits since last alert)|stop902.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stop902.org"] [uri "/xmlrpc.php"] [unique_id "akmAdIiEKEkZiJOHlVvtgwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-04 20:04:59
(3 days ago)
85.209.132.62 - - [04/Jul/2026:22:04:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.co ...
show more
85.209.132.62 - - [04/Jul/2026:22:04:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
85.209.132.62 - - [04/Jul/2026:22:04:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
85.209.132.62 - - [04/Jul/2026:22:04:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
85.209.132.62 - - [04/Jul/2026:22:04:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
85.209.132.62 - - [04/Jul/2026:22:04:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 18:25:08
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 14:25:03.007658 2026] [security2:error] [pid 2236:tid 2236] [client 85.209.132.62:49882] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 85.209.132.62 (+1 hits since last alert)|campnecon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "campnecon.com"] [uri "/xmlrpc.php"] [unique_id "aklP_zfXpyAEXdMNdgx98AAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
cwytech
2026-07-04 15:57:13
(3 days ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 12:32:46
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 08:32:40.770222 2026] [security2:error] [pid 28006:tid 28006] [client 85.209.132.62:58540] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||natickvillagerentals.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "natickvillagerentals.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akj9aMHRjkeURKylr97mqgAAAHU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-27 23:30:10
(1 week ago)
Attac
Brute-Force
๐ท๐ด
INTEQ
2026-06-27 21:56:32
(1 week ago)
Web attack from 85.209.132.62
Web App Attack
๐ซ๐ท
bazter.pro
2026-06-27 21:13:41
(1 week ago)
Fail2Ban: plesk-bot-aggressive - 15 failures
Port Scan
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 16:38:53
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 85.209.132.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 12:38:49.612184 2026] [security2:error] [pid 9402:tid 9402] [client 85.209.132.62:60594] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 85.209.132.62 (+1 hits since last alert)|websitesforauthors.design|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "websitesforauthors.design"] [uri "/xmlrpc.php"] [unique_id "aj_8mdZJSMNWxPRTzc6uuQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-06-27 16:21:35
(1 week ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack