๐บ๐ธ
TPI-Abuse
2026-07-08 09:41:07
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 112.207.177.112 (112.207.177.112.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.207.177.112 (112.207.177.112.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 05:41:00.452980 2026] [security2:error] [pid 14659:tid 14659] [client 112.207.177.112:27355] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.207.177.112 (+1 hits since last alert)|seabreezeculvert.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seabreezeculvert.com"] [uri "/xmlrpc.php"] [unique_id "ak4bLCOCCGb824za7PZUpwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
francoisunix
2026-07-08 09:38:56
(1 day ago)
112.207.177.112 - - [08/Jul/2026:09:38:13 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by ...
show more
112.207.177.112 - - [08/Jul/2026:09:38:13 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
112.207.177.112 - - [08/Jul/2026:09:38:23 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
112.207.177.112 - - [08/Jul/2026:09:38:34 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
112.207.177.112 - - [08/Jul/2026:09:38:44 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
112.207.177.112 - - [08/Jul/2026:09:38:54 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 08:22:57
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 112.207.177.112 (112.207.177.112.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.207.177.112 (112.207.177.112.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 04:22:52.513357 2026] [security2:error] [pid 5785:tid 5785] [client 112.207.177.112:28414] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.207.177.112 (+1 hits since last alert)|fernfield.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fernfield.com"] [uri "/xmlrpc.php"] [unique_id "ak4I3G_NX6O3h6SQkTBNjgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 07:23:56
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 112.207.177.112 (112.207.177.112.pldt.net): 1 i ...
show more
(mod_security) mod_security (id:240335) triggered by 112.207.177.112 (112.207.177.112.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 03:23:52.484659 2026] [security2:error] [pid 13126:tid 13126] [client 112.207.177.112:29484] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 112.207.177.112 (+1 hits since last alert)|firstunitedreserve.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "firstunitedreserve.com"] [uri "/xmlrpc.php"] [unique_id "ak37CHVX-oa_W7uncnxmhwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-08 07:16:15
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฑ๐ป
garmtech.com
2026-07-08 05:18:53
(1 day ago)
IM360 WAF: Rate limit exceeded for XMLRPC DoS
Web App Attack
๐ฑ๐ป
garmtech.com
2026-07-08 05:09:00
(1 day ago)
IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-01 22:13:28
(1 week ago)
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show more
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-30.
show less
Web App Attack
SSH
Hacking
๐ฉ๐ช
filstal.org
2026-06-30 05:01:31
(1 week ago)
Web exploit or injection attempt blocked by ModSecurity WAF.
SQL Injection
Web App Attack