๐ฉ๐ช
dbmwebdesign
2026-07-17 12:15:28
(8 hours ago)
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:37:09
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:37:02.933507 2026] [security2:error] [pid 14725:tid 14842] [client 95.75.212.104:3577] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|wedgwoodclub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wedgwoodclub.com"] [uri "/xmlrpc.php"] [unique_id "ali0TgsE1T4fFp8-G5ih_wAAAkk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 09:04:32
(1 day ago)
WordPress Brute Force
Brute-Force
Anonymous
2026-07-16 08:31:58
(1 day ago)
[redacted] 95.75.212.104 - - [16/Jul/2026:10:30:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "W ...
show more
[redacted] 95.75.212.104 - - [16/Jul/2026:10:30:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 95.75.212.104 - - [16/Jul/2026:10:31:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
[redacted] 95.75.212.104 - - [16/Jul/2026:10:31:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site38837292.com"
[redacted] 95.75.212.104 - - [16/Jul/2026:10:31:32 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 95.75.212.104 - - [16/Jul/2026:10:31:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 03:59:00
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 23:58:53.135505 2026] [security2:error] [pid 14687:tid 14687] [client 95.75.212.104:3986] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|tomartsmedia.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomartsmedia.org"] [uri "/xmlrpc.php"] [unique_id "alhW_ZbUkh7t7bLUactbzQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 21:48:20
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 17:48:15.019635 2026] [security2:error] [pid 6996:tid 6996] [client 95.75.212.104:3890] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|coolcustomproducts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coolcustomproducts.com"] [uri "/xmlrpc.php"] [unique_id "algAHzKuMi6SHwmEeyfO4QAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-15 00:51:16
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 03:06:06
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 23:06:00.528258 2026] [security2:error] [pid 14668:tid 14668] [client 95.75.212.104:3280] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|benchmarkbcs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "benchmarkbcs.com"] [uri "/xmlrpc.php"] [unique_id "alWnmF_sedQNm7R_LHnRXQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 02:41:33
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 22:41:25.868302 2026] [security2:error] [pid 6440:tid 6440] [client 95.75.212.104:3646] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|dwightbrown.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dwightbrown.com"] [uri "/xmlrpc.php"] [unique_id "alWh1ZsUvgA1hPkEZZkAXgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 02:04:05
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 22:04:01.721218 2026] [security2:error] [pid 11885:tid 11885] [client 95.75.212.104:3990] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|anchor07.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "anchor07.com"] [uri "/xmlrpc.php"] [unique_id "alWZEfzsv3x29qin_nNJ9gAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-13 07:02:28
(4 days ago)
(wordpress) Failed wordpress login from 95.75.212.104 (IT/Italy/-)
Brute-Force
๐บ๐ธ
WeekendWeb
2026-07-12 14:58:38
(5 days ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 08:27:21
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 95.75.212.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 04:27:15.331961 2026] [security2:error] [pid 31619:tid 31621] [client 95.75.212.104:3668] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.75.212.104 (+1 hits since last alert)|campingcosmetics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "campingcosmetics.com"] [uri "/xmlrpc.php"] [unique_id "alNP48HSyz8CdkapjUTuTAAAAMA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-12 05:18:00
(5 days ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=www.physio-kinisi.gr; logs=/var/log/httpd/domains/physio-ki ...
show more
[server.tmg.gr] httpd-xmlrpc-post: sites=www.physio-kinisi.gr; logs=/var/log/httpd/domains/physio-kinisi.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack