๐บ๐ธ
TPI-Abuse
2026-07-06 04:50:15
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 00:50:10.833281 2026] [security2:error] [pid 18633:tid 18646] [client 103.129.114.216:49413] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.129.114.216 (+1 hits since last alert)|wedgwoodclub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wedgwoodclub.com"] [uri "/xmlrpc.php"] [unique_id "aks0AswjIcAo4wdTg0YLTgAAAUo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-07-05 04:34:03
(1 day ago)
Wordfence waf block on fairregistry
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-04 23:45:25
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
Marc
2026-07-04 20:59:19
(1 day ago)
103.129.114.216 - - [04/Jul/2026:22:58:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3976 "-" "Jetpack b ...
show more
103.129.114.216 - - [04/Jul/2026:22:58:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3976 "-" "Jetpack by WordPress.com" 103.129.114.216 - - [04/Jul/2026:22:59:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3977 "-" "WordPress.com; https://wordpress.com" 103.129.114.216 - - [04/Jul/2026:22:59:18 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3976 "-" "Jetpack/12.1; WordPress/6.1; http://site22191232.com"
show less
Brute-Force
Web App Attack
Anonymous
2026-07-04 13:13:05
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-04 04:18:46
(2 days ago)
103.129.114.216 - [04/Jul/2026:07:18:38 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18961 "-" "Jetpack by ...
show more
103.129.114.216 - [04/Jul/2026:07:18:38 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18961 "-" "Jetpack by WordPress.com" "-"
103.129.114.216 - [04/Jul/2026:07:18:45 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18048 "-" "WordPress.com; https://wordpress.com" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-04 04:03:34
(2 days ago)
103.129.114.216 - [04/Jul/2026:07:03:25 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by W ...
show more
103.129.114.216 - [04/Jul/2026:07:03:25 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-"
103.129.114.216 - [04/Jul/2026:07:03:34 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-03 13:11:21
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
BD/Bangladesh/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 12:11:58
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 08:11:51.305926 2026] [security2:error] [pid 32092:tid 32092] [client 103.129.114.216:52110] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.129.114.216 (+1 hits since last alert)|montidaunitour.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "montidaunitour.com"] [uri "/xmlrpc.php"] [unique_id "akenB1_zEJfZIyAisURhjgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 15:33:27
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 11:33:19.499865 2026] [security2:error] [pid 26851:tid 26851] [client 103.129.114.216:57976] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.129.114.216 (+1 hits since last alert)|lesdaniels.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lesdaniels.com"] [uri "/xmlrpc.php"] [unique_id "akaEv7LWGasQSeVlUQ3E8wAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-01 22:01:29
(4 days ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-30.
show less
Web App Attack
SSH
Hacking
Anonymous
2026-07-01 04:03:10
(5 days ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-30 03:54:09
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 23:54:02.196948 2026] [security2:error] [pid 15497:tid 15497] [client 103.129.114.216:60634] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.129.114.216 (+1 hits since last alert)|thepercussionworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thepercussionworks.com"] [uri "/xmlrpc.php"] [unique_id "akM92oa1b2h9SuCmHsKC2AAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 01:54:06
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210492) triggered by 103.129.114.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 21:53:58.778723 2026] [security2:error] [pid 7114:tid 7114] [client 103.129.114.216:38062] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "soulybygrace.com"] [uri "/tmp/.env"] [unique_id "akMhtqJXQEG5pTqJEuOSbAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-29 14:30:08
(1 week ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH