๐ช๐ธ
alferez
2026-07-13 18:46:21
(1 day ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 23:31:15
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 19:31:10.574809 2026] [security2:error] [pid 16477:tid 16477] [client 98.98.9.24:60045] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 98.98.9.24 (+1 hits since last alert)|thesalonx.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thesalonx.com"] [uri "/xmlrpc.php"] [unique_id "akmXvsBNwle8XGz0AU5x1QAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-12 15:39:20
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 11:39:13.260240 2026] [security2:error] [pid 16778:tid 16778] [client 98.98.9.24:64924] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 98.98.9.24 (+1 hits since last alert)|thesalonx.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thesalonx.com"] [uri "/xmlrpc.php"] [unique_id "aiwoIeYBsxZeFSVG3h07gAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
threatintelligence_bvc
2026-05-29 02:57:57
(1 month ago)
Brute-Force
๐ช๐ธ
sshtmp
2026-05-21 06:54:09
(1 month ago)
[AbuseIPDB auto-report]
Attack: WordPress XML-RPC brute-force
Hits: 3342 | First: 2026-05-17T23:44:0 ...
show more
[AbuseIPDB auto-report]
Attack: WordPress XML-RPC brute-force
Hits: 3342 | First: 2026-05-17T23:44:09+02:00 | Last: 2026-05-21T08:54:09+02:00
Samples: POST /xmlrpc.php [200] | POST /xmlrpc.php [408] | POST /xmlrpc.php [403] | POST /xmlrpc.php [503]
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-18 04:40:56
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 00:40:47.976601 2026] [security2:error] [pid 23946:tid 23946] [client 98.98.9.24:51990] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 98.98.9.24 (+1 hits since last alert)|odysseydogasporlari.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "odysseydogasporlari.com"] [uri "/xmlrpc.php"] [unique_id "agqYT-JP7ysRApgVymeN3QAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-17 21:51:25
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:240335) triggered by 98.98.9.24 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 17:51:19.909989 2026] [security2:error] [pid 25247:tid 25247] [client 98.98.9.24:50091] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 98.98.9.24 (+1 hits since last alert)|thesalonx.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thesalonx.com"] [uri "/xmlrpc.php"] [unique_id "ago4Vw21QTp1umzjQZ2ezgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-02-16 02:25:58
(4 months ago)
Detected mail brute force attack from 4 different servers
Brute-Force
๐บ๐ธ
threatintelligence_bvc
2026-01-30 04:50:25
(5 months ago)
Brute-Force
๐บ๐ธ
threatintelligence_bvc
2026-01-06 18:09:01
(6 months ago)
Brute-Force
๐ซ๐ท
Dampen59
2025-10-19 23:44:54
(8 months ago)
(smtpauth) Failed SMTP AUTH login from 98.98.9.24 (CL/Chile/-): 5 in the last 3600 secs; Ports: *; D ...
show more
(smtpauth) Failed SMTP AUTH login from 98.98.9.24 (CL/Chile/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2025-10-20 01:44:31 dovecot_plain authenticator failed for ([10.0.4.187]) [98.98.9.24]:51277: 535 Incorrect authentication data ([email protected] )
2025-10-20 01:44:37 dovecot_login authenticator failed for ([10.0.4.187]) [98.98.9.24]:51277: 535 Incorrect authentication data ([email protected] )
2025-10-20 01:44:39 dovecot_plain authenticator failed for ([10.0.4.187]) [98.98.9.24]:51848: 535 Incorrect authentication data ([email protected] )
2025-10-20 01:44:46 dovecot_login authenticator failed for ([10.0.4.187]) [98.98.9.24]:51848: 535 Incorrect authentication data ([email protected] )
2025-10-20 01:44:51 dovecot_plain authenticator failed for ([10.0.4.187]) [98.98.9.24]:53508: 535 Incorrect authentication data ([email protected] )
show less
Port Scan
Anonymous
2025-10-19 21:54:12
(8 months ago)
Ports: 25,2525,465,587,2525; Direction: 0; Trigger: LF_SMTPAUTH
Brute-Force
SSH
Anonymous
2025-10-19 21:23:46
(8 months ago)
Ports: 25,2525,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-10-19 21:18:02
(8 months ago)
BruteForce IMAP/POP3/SMTP
Brute-Force
Anonymous
2025-10-19 21:04:32
(8 months ago)
(smtpauth) Failed SMTP AUTH login from 98.98.9.24 (CL/Chile/Santiago Metropolitan/Santiago/-/[redact ...
show more
(smtpauth) Failed SMTP AUTH login from 98.98.9.24 (CL/Chile/Santiago Metropolitan/Santiago/-/[redacted])
show less
Brute-Force