Anonymous
2026-07-10 09:55:03
(1 day ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 06:23:55
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 02:23:49.659872 2026] [security2:error] [pid 19337:tid 19337] [client 103.141.126.102:55949] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.141.126.102 (+1 hits since last alert)|seagrovesrealty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seagrovesrealty.com"] [uri "/xmlrpc.php"] [unique_id "alCP9Y2nkcI2ZugVbVEaZgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-10 05:18:09
(1 day ago)
CrowdSec: lrob/wp-xmlrpc-bf | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","WordPress.com; ...
show more
CrowdSec: lrob/wp-xmlrpc-bf | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","WordPress.com; https://wordpress.com"]
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 04:55:50
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 00:55:43.870780 2026] [security2:error] [pid 29913:tid 29913] [client 103.141.126.102:64002] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.141.126.102 (+1 hits since last alert)|jesussotoca.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jesussotoca.com"] [uri "/xmlrpc.php"] [unique_id "alB7TxQlXm1-qeANVVthjQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
rh24
2026-07-09 02:21:24
(2 days ago)
(wordpress) Failed wordpress login from 103.141.126.102 (IN/India/undefined.hostname.localhost): (C ...
show more
(wordpress) Failed wordpress login from 103.141.126.102 (IN/India/undefined.hostname.localhost): (CF_ENABLE)
show less
Brute-Force
๐ซ๐ท
dynamix
2026-07-09 02:00:22
(2 days ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 19:34:07
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 15:34:00.694200 2026] [security2:error] [pid 16924:tid 16924] [client 103.141.126.102:52062] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.141.126.102 (+1 hits since last alert)|ismaelcavazos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ismaelcavazos.com"] [uri "/xmlrpc.php"] [unique_id "ak6mKEa3MYd1l8TZ7f2usQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 16:48:05
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:48:00.069296 2026] [security2:error] [pid 9713:tid 9713] [client 103.141.126.102:55971] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.141.126.102 (+1 hits since last alert)|apexandroids.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "apexandroids.com"] [uri "/xmlrpc.php"] [unique_id "ak5_QK9TWH5L_pQsIF18AAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 14:21:08
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 10:21:04.426317 2026] [security2:error] [pid 11086:tid 11086] [client 103.141.126.102:63480] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.141.126.102 (+1 hits since last alert)|technesa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "technesa.com"] [uri "/xmlrpc.php"] [unique_id "ak5c0B4_0LMh1EPFSpR2IgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-08 14:13:21
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
IN/India/undefined.hostname.localhost
Web App Attack
๐ฉ๐ช
konseptit
2026-07-08 11:45:57
(3 days ago)
(wordpress) Failed wordpress login from 103.141.126.102 (IN/India/undefined.hostname.localhost)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-08 05:08:06
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 01:08:02.663469 2026] [security2:error] [pid 15289:tid 15396] [client 103.141.126.102:63949] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lancasterdesignercraftsmen.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lancasterdesignercraftsmen.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ak3bMp2f3ZlmVlbXCdfn7AAAAkU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ท
ycoskun41
2026-07-08 04:33:15
(3 days ago)
fail2ban: plesk-modsecurity jail on genckocaeli.com
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 02:29:49
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): ...
show more
(mod_security) mod_security (id:240335) triggered by 103.141.126.102 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 22:29:42.444260 2026] [security2:error] [pid 12947:tid 12947] [client 103.141.126.102:65051] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.141.126.102 (+1 hits since last alert)|loriarsenault.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "loriarsenault.com"] [uri "/xmlrpc.php"] [unique_id "ak22FrdgrW4hznNy4YId7QAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-07-08 01:21:55
(3 days ago)
(xmlrpc) Failed xmlrpc access from 103.141.126.102 (IN/India/undefined.hostname.localhost): 5 in the ...
show more
(xmlrpc) Failed xmlrpc access from 103.141.126.102 (IN/India/undefined.hostname.localhost): 5 in the last 3600 secs (0-122)
show less
Hacking