๐บ๐ธ
TPI-Abuse
2026-07-07 11:21:49
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 07:21:41.300583 2026] [security2:error] [pid 367:tid 367] [client 103.111.39.122:17559] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.111.39.122 (+1 hits since last alert)|bevensangi.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bevensangi.com"] [uri "/xmlrpc.php"] [unique_id "akzhRXce65Feknk0I42iQQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 08:46:10
(3 days ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-06 06:41:52
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 02:41:45.729568 2026] [security2:error] [pid 26860:tid 26860] [client 103.111.39.122:25149] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.111.39.122 (+1 hits since last alert)|wildlandconservancy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wildlandconservancy.com"] [uri "/xmlrpc.php"] [unique_id "aktOKeXzY3TnFPGXxestRwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-06 05:29:49
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
CN/China/103-111-39-122.ghinternet.com
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-03 18:56:47
(6 days ago)
(wordpress) Failed wordpress login from 103.111.39.122 (PK/Pakistan/103-111-39-122.ghinternet.com)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-03 16:15:41
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 12:15:37.904303 2026] [security2:error] [pid 13560:tid 13560] [client 103.111.39.122:10563] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.111.39.122 (+1 hits since last alert)|susanleeward.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "susanleeward.com"] [uri "/xmlrpc.php"] [unique_id "akfgKd_T_afafvo5XUX9twAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 15:45:46
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 11:45:41.776219 2026] [security2:error] [pid 20561:tid 20561] [client 103.111.39.122:63269] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.111.39.122 (+1 hits since last alert)|thinkingepic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thinkingepic.com"] [uri "/xmlrpc.php"] [unique_id "akfZJYQq07CjmXd3JGymAgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-02 11:14:06
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
CN/China/103-111-39-122.ghinternet.com
Web App Attack
๐บ๐ธ
factor1
2026-06-25 09:21:25
(2 weeks ago)
Fail2ban at saturn Reports Abuse.
Bad Web Bot
Anonymous
2026-06-18 10:18:54
(3 weeks ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=enerescpm.com; logs=/var/log/httpd/domains/enerescpm.com.log ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=enerescpm.com; logs=/var/log/httpd/domains/enerescpm.com.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 14:59:48
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 10:59:41.216660 2026] [security2:error] [pid 30469:tid 30469] [client 103.111.39.122:20685] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||doublenaughtspycar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "doublenaughtspycar.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajFk3ZXKOQkQP8x_DsDiTwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Marc
2026-06-16 09:30:10
(3 weeks ago)
103.111.39.122 - - [16/Jun/2026:11:29:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "WordPress. ...
show more
103.111.39.122 - - [16/Jun/2026:11:29:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "WordPress.com; https://wordpress.com" 103.111.39.122 - - [16/Jun/2026:11:29:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "WordPress.com; https://wordpress.com" 103.111.39.122 - - [16/Jun/2026:11:30:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack by WordPress.com"
show less
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-06-16 07:58:21
(3 weeks ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-13 16:51:40
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.111.39.122 (103-111-39-122.ghinternet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 12:51:34.832457 2026] [security2:error] [pid 31819:tid 31953] [client 103.111.39.122:14291] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.111.39.122 (+1 hits since last alert)|davidholls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "davidholls.com"] [uri "/xmlrpc.php"] [unique_id "ai2Klm4PkxuyOwBVXxypLAAAARU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-11 08:56:13
(4 weeks ago)
Attac
Brute-Force