๐บ๐ธ
TPI-Abuse
2026-07-18 21:37:17
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 17:37:09.878538 2026] [security2:error] [pid 1023309:tid 1023309] [client 102.129.147.192:34634] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.129.147.192 (+1 hits since last alert)|bluesbluff.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bluesbluff.com"] [uri "/xmlrpc.php"] [unique_id "alvyBSUUm1uPBVjGIaeVUwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-18 20:46:01
(5 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 20:36:51
(6 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 16:36:47.056909 2026] [security2:error] [pid 29732:tid 29732] [client 102.129.147.192:47208] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.129.147.192 (+1 hits since last alert)|jaragoodrich.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jaragoodrich.com"] [uri "/xmlrpc.php"] [unique_id "alvj39tYc819DL4V1eQwEAAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 19:16:16
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 15:16:08.394389 2026] [security2:error] [pid 8459:tid 8459] [client 102.129.147.192:42556] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.129.147.192 (+1 hits since last alert)|primemanagementmn.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "primemanagementmn.com"] [uri "/xmlrpc.php"] [unique_id "alvQ-B1253aX0iB_HbnUbgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 16:50:23
(9 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 12:50:19.757692 2026] [security2:error] [pid 31978:tid 31987] [client 102.129.147.192:25360] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.129.147.192 (+1 hits since last alert)|gabegabel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gabegabel.com"] [uri "/xmlrpc.php"] [unique_id "aluuy00_EDLWSbDp0GCMGAAAAIc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-18 15:45:37
(10 hours ago)
(wordpress) Failed wordpress login from 102.129.147.192 (US/United States/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-18 14:46:18
(11 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 10:46:14.830110 2026] [security2:error] [pid 7405:tid 7405] [client 102.129.147.192:59337] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.129.147.192 (+1 hits since last alert)|arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "aluRto0su7-ciZdqcCTM_QAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 13:17:19
(13 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 09:17:15.558170 2026] [security2:error] [pid 2993125:tid 2993142] [client 102.129.147.192:20473] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.129.147.192 (+1 hits since last alert)|nordicatrio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nordicatrio.com"] [uri "/xmlrpc.php"] [unique_id "alt8289r7poczHyz4-QMOAAAAQ4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-07-17 18:02:57
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.co ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: /xmlrpc.php | UA: Jetpack by WordPress.com
show less
Brute-Force
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-16 22:20:38
(2 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Jason Howell
2026-07-16 16:45:44
(2 days ago)
102.129.147.192 - - [16/Jul/2026:11:45:01 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "WordPress ...
show more
102.129.147.192 - - [16/Jul/2026:11:45:01 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "WordPress.com; https://wordpress.com"
102.129.147.192 - - [16/Jul/2026:11:45:12 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "Jetpack by WordPress.com"
102.129.147.192 - - [16/Jul/2026:11:45:22 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "Jetpack by WordPress.com"
102.129.147.192 - - [16/Jul/2026:11:45:33 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "Jetpack by WordPress.com"
102.129.147.192 - - [16/Jul/2026:11:45:43 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4358 "-" "Jetpack by WordPress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 13:05:58
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 102.129.147.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:05:51.233956 2026] [security2:error] [pid 12442:tid 12442] [client 102.129.147.192:46003] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||digi-estudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "digi-estudio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aljXL44D4CM5fu8tedLLqAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-16 12:20:14
(2 days ago)
102.129.147.192 - - [16/Jul/2026:08:17:56 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress ...
show more
102.129.147.192 - - [16/Jul/2026:08:17:56 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
102.129.147.192 - - [16/Jul/2026:08:19:20 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
102.129.147.192 - - [16/Jul/2026:08:19:41 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
102.129.147.192 - - [16/Jul/2026:08:19:52 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
102.129.147.192 - - [16/Jul/2026:08:20:13 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5118 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-16 12:15:32
(2 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/-
Web App Attack
Anonymous
2026-07-15 15:57:59
(3 days ago)
[redacted] 102.129.147.192 - - [15/Jul/2026:17:57:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 102.129.147.192 - - [15/Jul/2026:17:57:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 102.129.147.192 - - [15/Jul/2026:17:57:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 102.129.147.192 - - [15/Jul/2026:17:57:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)"
[redacted] 102.129.147.192 - - [15/Jul/2026:17:57:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 102.129.147.192 - - [15/Jul/2026:17:57:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack