π«π·
LRob
2026-07-06 21:05:49
(2 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack/12.0; Wor ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack/12.0; WordPress/6.4; http://site41767952.com","WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 20:07:19
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 16:07:12.152917 2026] [security2:error] [pid 13533:tid 13533] [client 109.120.139.18:61407] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|edgecomix.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edgecomix.com"] [uri "/xmlrpc.php"] [unique_id "akwK8MQHQtL_-Zkgogk7fwAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
LRob
2026-07-06 20:04:12
(2 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","WordPress.com; https://wordpress.com","Jetpack/12.5; WordPress/6.1; http://site92168237.com","Jetpack/13.0; WordPress/6.4
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 08:13:53
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 04:13:47.505293 2026] [security2:error] [pid 21827:tid 21827] [client 109.120.139.18:49205] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|josephshv.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "josephshv.com"] [uri "/xmlrpc.php"] [unique_id "aktjuyk_aElytQLa_YkyZwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 07:41:57
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 03:41:50.586919 2026] [security2:error] [pid 25114:tid 25114] [client 109.120.139.18:53762] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|writebetweenthelines.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "writebetweenthelines.com"] [uri "/xmlrpc.php"] [unique_id "aktcPlqRCGCpDfk6x32B5wAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-05 20:46:05
(3 days ago)
109.120.139.18 - - [05/Jul/2026:22:45:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ...
show more
109.120.139.18 - - [05/Jul/2026:22:45:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
109.120.139.18 - - [05/Jul/2026:22:45:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
109.120.139.18 - - [05/Jul/2026:22:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)"
109.120.139.18 - - [05/Jul/2026:22:45:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)"
109.120.139.18 - - [05/Jul/2026:22:46:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
π³π±
GabrielJST
2026-07-05 15:58:29
(4 days ago)
(wordpress) Failed wordpress login from 109.120.139.18 (-)
Brute-Force
πͺπΈ
masterguru
2026-07-05 14:31:03
(4 days ago)
(xmlrpc) Failed xmlrpc access from 109.120.139.18 (NL/The Netherlands/-): 5 in the last 3600 secs (0 ...
show more
(xmlrpc) Failed xmlrpc access from 109.120.139.18 (NL/The Netherlands/-): 5 in the last 3600 secs (0-122)
show less
Hacking
πΊπΈ
TPI-Abuse
2026-07-05 11:56:49
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 07:56:44.209744 2026] [security2:error] [pid 8836:tid 8836] [client 109.120.139.18:53414] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|waterspell.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterspell.net"] [uri "/xmlrpc.php"] [unique_id "akpGfLeCmsKp1uwIdjqARQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 17:34:23
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 13:34:15.835192 2026] [security2:error] [pid 17455:tid 17455] [client 109.120.139.18:58879] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|bethanpearce.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bethanpearce.com"] [uri "/xmlrpc.php"] [unique_id "aklEF2Tu2v0KPbOoWmeWVwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 17:02:08
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 13:02:01.087428 2026] [security2:error] [pid 10472:tid 10472] [client 109.120.139.18:53866] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|integrabroadcast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "integrabroadcast.com"] [uri "/xmlrpc.php"] [unique_id "akk8iQqgYgdFBgmqzmC2nQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
integrantservices.com
2026-07-04 13:58:44
(5 days ago)
(wordpress) Failed wordpress login from 109.120.139.18 (-)
Brute-Force
πΊπΈ
TPI-Abuse
2026-07-04 10:24:05
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 06:23:58.303987 2026] [security2:error] [pid 29332:tid 29332] [client 109.120.139.18:65264] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|reyadecostarica.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reyadecostarica.com"] [uri "/xmlrpc.php"] [unique_id "akjfPl0v4Cktd51D1pjULAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 19:15:20
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 109.120.139.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 15:15:12.278396 2026] [security2:error] [pid 28936:tid 28936] [client 109.120.139.18:58255] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 109.120.139.18 (+1 hits since last alert)|gerrytolentino.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gerrytolentino.net"] [uri "/xmlrpc.php"] [unique_id "akgKQKXz2HivyLwgUQ4fXAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack