๐บ๐ธ
TPI-Abuse
2026-06-29 01:33:02
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 21:32:57.385693 2026] [security2:error] [pid 7565:tid 7565] [client 105.224.69.41:56535] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.224.69.41 (+1 hits since last alert)|newcastle91.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newcastle91.org"] [uri "/xmlrpc.php"] [unique_id "akHLSXM-SfAvENCe5SViLAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-28 22:15:57
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
ZA/South Africa/105-224-69-41.ti-dsl.telkomsa.net
Web App Attack
๐บ๐ธ
cwytech
2026-06-27 18:57:18
(2 days ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-06-27 16:11:08
(2 days ago)
(xmlrpc) Failed xmlrpc access from 105.224.69.41 (ZA/South Africa/105-224-69-41.ti-dsl.telkomsa.net) ...
show more
(xmlrpc) Failed xmlrpc access from 105.224.69.41 (ZA/South Africa/105-224-69-41.ti-dsl.telkomsa.net): 5 in the last 3600 secs (0-122)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-26 23:31:53
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:31:45.421434 2026] [security2:error] [pid 17258:tid 17258] [client 105.224.69.41:63200] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.224.69.41 (+1 hits since last alert)|kadinisi.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kadinisi.org"] [uri "/xmlrpc.php"] [unique_id "aj8L4cEUsU7jwXSBV7UtjAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-26 16:06:19
(3 days ago)
(wordpress) Failed wordpress login from 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net)
Brute-Force
๐ง๐ช
cmbplf
2026-06-26 05:33:27
(4 days ago)
3.397 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐ซ๐ท
dynamix
2026-06-26 04:00:14
(4 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 01:20:38
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:20:31.033088 2026] [security2:error] [pid 28884:tid 28884] [client 105.224.69.41:55032] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.224.69.41 (+1 hits since last alert)|goldcountrygermanamericanclub.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "goldcountrygermanamericanclub.org"] [uri "/xmlrpc.php"] [unique_id "aj3T3yPxp0VY0jMzCT-U-gAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 00:51:15
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 20:51:08.360777 2026] [security2:error] [pid 27947:tid 27947] [client 105.224.69.41:56748] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.224.69.41 (+1 hits since last alert)|activethinkers.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "activethinkers.net"] [uri "/xmlrpc.php"] [unique_id "aj3M_NnR3qx4ibnMgA6VXAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2025-12-23 11:24:16
(6 months ago)
Detected attack and reported by a human
DDoS Attack
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
SSH
Anonymous
2025-11-25 05:37:58
(7 months ago)
scanning http requests from known botnet
Web App Attack