๐บ๐ธ
kosada.com
2026-06-29 09:45:28
(2 days ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 16:45:21
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 12:45:16.966448 2026] [security2:error] [pid 8215:tid 8239] [client 197.211.59.59:42185] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.211.59.59 (+1 hits since last alert)|michaelrandon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michaelrandon.com"] [uri "/xmlrpc.php"] [unique_id "aj_-HASBL-iEgJOuUYDW3QAAAFQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 16:03:48
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 12:03:41.417818 2026] [security2:error] [pid 30088:tid 30088] [client 197.211.59.59:63949] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.211.59.59 (+1 hits since last alert)|iplayriichi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iplayriichi.com"] [uri "/xmlrpc.php"] [unique_id "aj1RXWP9_IPGvXmr7DY1cwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 10:49:39
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:49:34.949974 2026] [security2:error] [pid 7766:tid 7766] [client 197.211.59.59:12604] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.211.59.59 (+1 hits since last alert)|medusakenya.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "medusakenya.com"] [uri "/xmlrpc.php"] [unique_id "ajPNPvhgf-YdALmmIys6SQAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 09:19:53
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:19:45.576249 2026] [security2:error] [pid 9515:tid 9515] [client 197.211.59.59:46101] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.211.59.59 (+1 hits since last alert)|serranoscoffee.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "serranoscoffee.com"] [uri "/xmlrpc.php"] [unique_id "ajO4MQQUBHBk-znvDVW7CAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
vaia.cloud
2026-06-17 01:31:03
(2 weeks ago)
trying wp-login.php/xmlrpc.php 31 times in 1 minutes
Brute-Force
Web App Attack
Anonymous
2026-06-15 11:30:59
(2 weeks ago)
[redacted] 197.211.59.59 - - [15/Jun/2026:13:30:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ...
show more
[redacted] 197.211.59.59 - - [15/Jun/2026:13:30:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 197.211.59.59 - - [15/Jun/2026:13:30:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.2; http://site91516285.com"
[redacted] 197.211.59.59 - - [15/Jun/2026:13:30:36 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 197.211.59.59 - - [15/Jun/2026:13:30:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 197.211.59.59 - - [15/Jun/2026:13:30:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site47531107.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 10:33:29
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 06:33:22.735941 2026] [security2:error] [pid 24199:tid 24199] [client 197.211.59.59:63881] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.211.59.59 (+1 hits since last alert)|caymancline.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caymancline.com"] [uri "/xmlrpc.php"] [unique_id "ai_U8l2oA01GMONJJ9bsvAAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-13 11:30:58
(2 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-06-13 09:26:54
(2 weeks ago)
[osotir.org] httpd-xmlrpc-post: sites=drasimas.gr; logs=/var/log/httpd/domains/drasimas.gr.log; samp ...
show more
[osotir.org] httpd-xmlrpc-post: sites=drasimas.gr; logs=/var/log/httpd/domains/drasimas.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
Anonymous
2026-06-13 07:44:21
(2 weeks ago)
Bad Web Bot
Web App Attack
๐ฉ๐ช
iNetWorker
2026-06-04 09:41:09
(3 weeks ago)
firewall-block, port(s): 445/tcp
Port Scan
๐ซ๐ท
dynamix
2026-06-03 01:00:55
(4 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-06-02 19:44:52
(4 weeks ago)
[ns65.kdns.gr] httpd-xmlrpc-post: sites=andromedaln.space; logs=/var/log/httpd/domains/andromedaln.s ...
show more
[ns65.kdns.gr] httpd-xmlrpc-post: sites=andromedaln.space; logs=/var/log/httpd/domains/andromedaln.space.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 19:43:17
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 197.211.59.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:43:13.135724 2026] [security2:error] [pid 11529:tid 11529] [client 197.211.59.59:30100] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.211.59.59 (+1 hits since last alert)|anchor07.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "anchor07.com"] [uri "/xmlrpc.php"] [unique_id "ah8yUcTMzyqgn-GGvsSfHAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack