๐ซ๐ท
LRob
2026-07-06 08:55:00
(1 week ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; ht ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; https://wordpress.com","Jetpack/12.1; WordPress/6.3; http://site71034172.com","Jetpack by WordPress.com","Jetpack by WordPress.com (J
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 07:36:21
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 03:36:15.286624 2026] [security2:error] [pid 24343:tid 24343] [client 197.225.160.122:60386] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.225.160.122 (+1 hits since last alert)|famagustacyprus.eu|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "famagustacyprus.eu"] [uri "/xmlrpc.php"] [unique_id "akdmb3g9gngKnUDt33SvLQAAACs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Vegascosmetics
2026-07-01 09:10:27
(2 weeks ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security
DDoS Attack
Hacking
Exploited Host
๐ฉ๐ช
rh24
2026-06-29 06:58:31
(2 weeks ago)
(xmlrpc_405) XMLRPC-Bot 405 197.225.160.122 (MU/Mauritius/-)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-26 10:38:56
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 06:38:49.439793 2026] [security2:error] [pid 29097:tid 29097] [client 197.225.160.122:54334] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.225.160.122 (+1 hits since last alert)|aseguratuauto.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aseguratuauto.com"] [uri "/xmlrpc.php"] [unique_id "aj5WuVCgtSQqg03n_bmRcwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 09:03:40
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 05:03:33.075083 2026] [security2:error] [pid 28409:tid 28409] [client 197.225.160.122:60642] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.225.160.122 (+1 hits since last alert)|caddydad.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caddydad.com"] [uri "/xmlrpc.php"] [unique_id "ajudZV_NJn0B1JgW3KuZfgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-15 08:33:17
(1 month ago)
197.225.160.122 - - [15/Jun/2026:10:32:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack/13 ...
show more
197.225.160.122 - - [15/Jun/2026:10:32:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack/13.0; WordPress/6.2; http://site86527021.com"
197.225.160.122 - - [15/Jun/2026:10:32:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
197.225.160.122 - - [15/Jun/2026:10:32:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack/12.1; WordPress/6.3; http://site52325477.com"
197.225.160.122 - - [15/Jun/2026:10:33:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
197.225.160.122 - - [15/Jun/2026:10:33:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
...
show less
Brute-Force
Web App Attack
๐ซ๐ฎ
YF
2026-06-15 08:00:43
(1 month ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-15 06:56:03
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 197.225.160.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:55:57.599640 2026] [security2:error] [pid 1539:tid 1539] [client 197.225.160.122:59380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 197.225.160.122 (+1 hits since last alert)|phalanxemail.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "phalanxemail.net"] [uri "/xmlrpc.php"] [unique_id "ai-h_fgBB_RG-pj7LAam4gAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-06-03 10:16:06
(1 month ago)
197.225.160.122 - [03/Jun/2026:13:15:56 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by W ...
show more
197.225.160.122 - [03/Jun/2026:13:15:56 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
197.225.160.122 - [03/Jun/2026:13:16:06 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack/13.0; WordPress/6.3; http://site94607154.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-06-03 10:00:39
(1 month ago)
197.225.160.122 - [03/Jun/2026:13:00:32 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "WordPress.co ...
show more
197.225.160.122 - [03/Jun/2026:13:00:32 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "WordPress.com; https://wordpress.com" "-"
197.225.160.122 - [03/Jun/2026:13:00:39 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-06-01 08:40:54
(1 month ago)
197.225.160.122 - [01/Jun/2026:11:40:43 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by W ...
show more
197.225.160.122 - [01/Jun/2026:11:40:43 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
197.225.160.122 - [01/Jun/2026:11:40:53 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-06-01 08:25:25
(1 month ago)
197.225.160.122 - [01/Jun/2026:11:25:16 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack/12.5 ...
show more
197.225.160.122 - [01/Jun/2026:11:25:16 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack/12.5; WordPress/6.4; http://site48655282.com" "-"
197.225.160.122 - [01/Jun/2026:11:25:24 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack/12.5; WordPress/6.1; http://site69118220.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
xmission.com
2025-10-02 05:09:04
(9 months ago)
Blocked by UFW (TCP on 9101)
Source port: 50139
TTL: 113
Packet length: 52
TOS: 0x00
This report (f ...
show more
Blocked by UFW (TCP on 9101)
Source port: 50139
TTL: 113
Packet length: 52
TOS: 0x00
This report (for 197.225.160.122) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan