๐บ๐ธ
TPI-Abuse
2026-07-03 10:45:17
(1 hour ago)
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:45:10.261335 2026] [security2:error] [pid 10306:tid 10306] [client 102.110.8.12:57673] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.110.8.12 (+1 hits since last alert)|arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "akeStvHgyBB_YCRltdCAmwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 11:28:31
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 07:28:24.968388 2026] [security2:error] [pid 6621:tid 6621] [client 102.110.8.12:49949] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.110.8.12 (+1 hits since last alert)|stantontownship.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stantontownship.org"] [uri "/xmlrpc.php"] [unique_id "akZLWA0KXwfBFlAuXOxaFgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
tecnicorioja
2026-07-01 22:02:35
(1 day ago)
POST /xmlrpc.php [01/Jul/2026:10:57:58
Web App Attack
Brute-Force
๐บ๐ธ
WeekendWeb
2026-07-01 13:31:31
(1 day ago)
Wordpress Vunerability attack
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-01 12:31:31
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 12:02:53
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 08:02:46.404409 2026] [security2:error] [pid 7653:tid 7653] [client 102.110.8.12:56026] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.110.8.12 (+1 hits since last alert)|egelfitness.nl|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "egelfitness.nl"] [uri "/xmlrpc.php"] [unique_id "akUB5l5bu1FuuiV1lDRXSQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 09:30:26
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 05:30:22.920060 2026] [security2:error] [pid 15235:tid 15235] [client 102.110.8.12:63810] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.110.8.12 (+1 hits since last alert)|churchbehindthewalls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "churchbehindthewalls.com"] [uri "/xmlrpc.php"] [unique_id "akTeLtVRVXWTvmtvfKUxBwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-24 10:25:06
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-06-24 08:47:23
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 04:47:17.713062 2026] [security2:error] [pid 5002:tid 5027] [client 102.110.8.12:58638] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||giere.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "giere.us"] [uri "/wp-json/wp/v2/users"] [unique_id "ajuZlYlDINjW_0jOhlQQowAAAJU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-22 10:49:44
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ช๐ธ
gnom4ik
2026-06-19 09:36:24
(2 weeks ago)
ban-reviewer auto report; ip=102.110.8.12; scenario=http:exploit; scenario_context=http:exploit,fire ...
show more
ban-reviewer auto report; ip=102.110.8.12; scenario=http:exploit; scenario_context=http:exploit,firehol_greensnow; verdict=valid_ban; confidence=0.92; categories=21; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high; scenario_attack_class
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 09:34:28
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:34:25.785853 2026] [security2:error] [pid 5080:tid 5080] [client 102.110.8.12:62281] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.110.8.12 (+1 hits since last alert)|prostar.industries|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "prostar.industries"] [uri "/xmlrpc.php"] [unique_id "ajO7oVuCauXcA97sKvvdngAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 08:31:28
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.110.8.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:31:22.296104 2026] [security2:error] [pid 5474:tid 5474] [client 102.110.8.12:65377] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.110.8.12 (+1 hits since last alert)|pharmaceuticalsalescareerhub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pharmaceuticalsalescareerhub.com"] [uri "/xmlrpc.php"] [unique_id "ajOs2lE2KzecCESCEGO-WgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-17 13:34:19
(2 weeks ago)
(wordpress) Failed wordpress login from 102.110.8.12 (TN/Tunisia/-)
Brute-Force
Anonymous
2026-06-17 12:33:04
(2 weeks ago)
[redacted] 102.110.8.12 - - [17/Jun/2026:14:32:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Je ...
show more
[redacted] 102.110.8.12 - - [17/Jun/2026:14:32:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 102.110.8.12 - - [17/Jun/2026:14:32:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.3; http://site58252125.com"
[redacted] 102.110.8.12 - - [17/Jun/2026:14:32:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.4; http://site98991636.com"
[redacted] 102.110.8.12 - - [17/Jun/2026:14:32:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 102.110.8.12 - - [17/Jun/2026:14:33:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
...
show less
Hacking
Web App Attack