๐บ๐ธ
TPI-Abuse
2026-07-11 07:59:12
(4 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 03:59:07.263144 2026] [security2:error] [pid 16495:tid 16495] [client 102.209.58.4:59911] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.209.58.4 (+1 hits since last alert)|lovebuilds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lovebuilds.com"] [uri "/xmlrpc.php"] [unique_id "alH3y6ZpnU7eG97FmXdt_AAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-11 05:05:01
(7 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 21:03:59
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 17:03:52.714628 2026] [security2:error] [pid 7265:tid 7265] [client 102.209.58.4:51081] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.209.58.4 (+1 hits since last alert)|btsalesrep.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "btsalesrep.com"] [uri "/xmlrpc.php"] [unique_id "alFeOLi1SMFilNsPE-eyPAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 10:47:02
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 06:46:57.224875 2026] [security2:error] [pid 25677:tid 25677] [client 102.209.58.4:60215] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.209.58.4 (+1 hits since last alert)|lakependoreillemobility.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lakependoreillemobility.com"] [uri "/xmlrpc.php"] [unique_id "alDNoeVu5SNjEcEm-pkRZwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
noise.agency
2026-07-10 09:49:02
(1 day ago)
(mod_security) mod_security triggered on hostname [redacted] 102.209.58.4 (KE/Kenya/-)
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-10 09:17:09
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 05:17:01.428508 2026] [security2:error] [pid 14387:tid 14387] [client 102.209.58.4:52715] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.209.58.4 (+1 hits since last alert)|somehand.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "somehand.com"] [uri "/xmlrpc.php"] [unique_id "alC4jYV2q-KGq_B7-1ydNQAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-10 09:13:16
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 20:52:46
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 16:52:38.623533 2026] [security2:error] [pid 32760:tid 32760] [client 102.209.58.4:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.209.58.4 (+1 hits since last alert)|avaliantlife.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "avaliantlife.com"] [uri "/xmlrpc.php"] [unique_id "alAKFj953MtC2mWYyvHxsQAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 20:20:09
(1 day ago)
102.209.58.4 - - [09/Jul/2026:22:19:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com ...
show more
102.209.58.4 - - [09/Jul/2026:22:19:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com; https://wordpress.com"
102.209.58.4 - - [09/Jul/2026:22:19:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com; https://wordpress.com"
102.209.58.4 - - [09/Jul/2026:22:19:46 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
102.209.58.4 - - [09/Jul/2026:22:19:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack/12.5; WordPress/6.3; http://site46011850.com"
102.209.58.4 - - [09/Jul/2026:22:20:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 09:26:04
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 05:25:59.334225 2026] [security2:error] [pid 3180:tid 3271] [client 102.209.58.4:65343] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 102.209.58.4 (+1 hits since last alert)|bortec-corp.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bortec-corp.com"] [uri "/xmlrpc.php"] [unique_id "ak9pJzAB4aAzfhTdHsYmoQAAAFE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
EGP Abuse Dept
2026-07-06 23:59:46
(4 days ago)
Scraping webshop URLs (creall.com), likely botnet drone
Bad Web Bot
Exploited Host
๐บ๐ธ
kosada.com
2026-06-29 09:48:05
(1 week ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐ฉ๐ช
Vegascosmetics
2026-06-20 15:26:59
(2 weeks ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security
DDoS Attack
Hacking
Exploited Host
๐ฌ๐ง
PeravixGroup
2026-05-11 20:47:38
(1 month ago)
Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ...
show more
Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud
show less
IoT Targeted
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-04-18 16:35:10
(2 months ago)
(mod_security) mod_security (id:210381) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210381) triggered by 102.209.58.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 12:35:03.148699 2026] [security2:error] [pid 31785:tid 31809] [client 102.209.58.4:46728] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||www.mentzlaw.com|F|4"] [data "REQUEST_URI=/louisianachildcustodylawyer/%url%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.mentzlaw.com"] [uri "/louisianachildcustodylawyer/%url%"] [unique_id "aeOyt4wb07yVBrkBpVSzrgAAAZY"]
show less
Brute-Force
Bad Web Bot
Web App Attack