๐บ๐ธ
TPI-Abuse
2026-06-09 10:53:51
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.163.166.131 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.163.166.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 06:53:44.396490 2026] [security2:error] [pid 27324:tid 27324] [client 103.163.166.131:62651] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.163.166.131 (+1 hits since last alert)|kmelson.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kmelson.com"] [uri "/xmlrpc.php"] [unique_id "aifwuAlC8J0D5g5_8hbtVAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-09 05:13:45
(4 weeks ago)
[redacted] 103.163.166.131 - - [09/Jun/2026:07:12:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 103.163.166.131 - - [09/Jun/2026:07:12:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 103.163.166.131 - - [09/Jun/2026:07:13:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
[redacted] 103.163.166.131 - - [09/Jun/2026:07:13:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.163.166.131 - - [09/Jun/2026:07:13:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site69071895.com"
[redacted] 103.163.166.131 - - [09/Jun/2026:07:13:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
Anonymous
2026-06-08 07:42:06
(4 weeks ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ฉ๐ช
Marc
2026-06-08 07:10:45
(4 weeks ago)
103.163.166.131 - - [08/Jun/2026:09:10:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3552 "-" "Jetpack/1 ...
show more
103.163.166.131 - - [08/Jun/2026:09:10:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3552 "-" "Jetpack/12.0; WordPress/6.1; http://site94272205.com" 103.163.166.131 - - [08/Jun/2026:09:10:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3552 "-" "Jetpack by WordPress.com" 103.163.166.131 - - [08/Jun/2026:09:10:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3552 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
show less
Brute-Force
Web App Attack
Anonymous
2026-06-05 06:57:37
(1 month ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=ph-achd2024.com; logs=/var/log/httpd/domains/ph-achd2024.co ...
show more
[server.tmg.gr] httpd-xmlrpc-post: sites=ph-achd2024.com; logs=/var/log/httpd/domains/ph-achd2024.com.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐ซ๐ท
applemooz
2026-06-05 05:15:11
(1 month ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ฉ๐ช
abdubhai
2026-06-04 07:10:01
(1 month ago)
103.163.166.131 - - [04/Jun/2026
...
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-04 06:32:48
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 103.163.166.131 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.163.166.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:32:43.250833 2026] [security2:error] [pid 25506:tid 25506] [client 103.163.166.131:64493] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.163.166.131 (+1 hits since last alert)|superzilla.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "superzilla.com"] [uri "/xmlrpc.php"] [unique_id "aiEcC_XgfVXERxAAB8VH8AAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-04 05:30:43
(1 month ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
Anonymous
2026-06-03 07:04:28
(1 month ago)
Attac
Brute-Force
Anonymous
2026-06-03 06:06:37
(1 month ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-03 06:06:33
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 103.163.166.131 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.163.166.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:06:29.414553 2026] [security2:error] [pid 4655:tid 4655] [client 103.163.166.131:23562] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.163.166.131 (+1 hits since last alert)|faithlines.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "faithlines.com"] [uri "/xmlrpc.php"] [unique_id "ah_EZerYT1nwL5sQXdogFQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack