๐บ๐ธ
TPI-Abuse
2026-07-09 07:28:27
(11 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 03:28:20.366067 2026] [security2:error] [pid 21169:tid 21169] [client 115.135.161.28:58029] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.135.161.28 (+1 hits since last alert)|lyldevelopers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lyldevelopers.com"] [uri "/xmlrpc.php"] [unique_id "ak9NlATjiAKDnLc6pGbRuwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-09 07:25:44
(11 hours ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; ht ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; https://wordpress.com","Jetpack by WordPress.com","Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)","Jetpack by WordPress.com
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-09 06:55:11
(12 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
lostswordfish.com
2026-07-09 05:30:05
(13 hours ago)
Wordfence waf block on baystatereentrynetwork
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 04:12:44
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 00:12:41.593557 2026] [security2:error] [pid 30510:tid 30510] [client 115.135.161.28:60084] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.135.161.28 (+1 hits since last alert)|doreenkimura.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "doreenkimura.com"] [uri "/xmlrpc.php"] [unique_id "ak8fuQpDPv18LdfHXcU7JwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-08 08:29:00
(1 day ago)
(wordpress) Failed wordpress login from 115.135.161.28 (MY/Malaysia/-)
Brute-Force
๐ซ๐ท
dynamix
2026-07-08 04:02:33
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-08 03:59:45
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-07 06:22:17
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 02:22:12.432885 2026] [security2:error] [pid 5582:tid 5582] [client 115.135.161.28:49354] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.135.161.28 (+1 hits since last alert)|modalguitarist.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "modalguitarist.com"] [uri "/xmlrpc.php"] [unique_id "akybFB9CDRfAleXOgk84VAAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 04:51:35
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 00:51:31.528523 2026] [security2:error] [pid 31241:tid 31244] [client 115.135.161.28:59953] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.135.161.28 (+1 hits since last alert)|jimlawrencesongs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jimlawrencesongs.com"] [uri "/xmlrpc.php"] [unique_id "akyF07gwszT7AjIGsNxEcQAAAQE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-07 04:20:54
(2 days ago)
Bad Web Bot
Web App Attack
๐ซ๐ท
francoisunix
2026-07-07 02:21:54
(2 days ago)
115.135.161.28 - - [07/Jul/2026:02:21:30 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by ...
show more
115.135.161.28 - - [07/Jul/2026:02:21:30 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
115.135.161.28 - - [07/Jul/2026:02:21:40 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/13.0; WordPress/6.3; http://site91258792.com"
115.135.161.28 - - [07/Jul/2026:02:21:40 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.1; WordPress/6.1; http://site94983410.com"
115.135.161.28 - - [07/Jul/2026:02:21:51 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com"
115.135.161.28 - - [07/Jul/2026:02:21:51 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-07 01:22:36
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฆ๐บ
screwlooseit.com.au
2026-07-06 05:43:39
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
MY/Malaysia/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 04:45:25
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 115.135.161.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 00:45:17.326862 2026] [security2:error] [pid 31419:tid 31419] [client 115.135.161.28:59694] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.135.161.28 (+1 hits since last alert)|kaylamaclaincounseling.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kaylamaclaincounseling.com"] [uri "/xmlrpc.php"] [unique_id "aksy3cYyewxISI6sAIYU2QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack