Anonymous
2026-07-17 08:12:34
(44 minutes ago)
[redacted] 115.96.128.148 - - [17/Jul/2026:10:11:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 115.96.128.148 - - [17/Jul/2026:10:11:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
[redacted] 115.96.128.148 - - [17/Jul/2026:10:12:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
[redacted] 115.96.128.148 - - [17/Jul/2026:10:12:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site40086732.com"
[redacted] 115.96.128.148 - - [17/Jul/2026:10:12:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
[redacted] 115.96.128.148 - - [17/Jul/2026:10:12:32 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-17 06:21:32
(2 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-17 05:51:56
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:51:51.412619 2026] [security2:error] [pid 24262:tid 24305] [client 115.96.128.148:56942] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|dbestcarting.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dbestcarting.com"] [uri "/xmlrpc.php"] [unique_id "alnC96pHxbhvpWV4cc0oMwAAAYo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 03:40:07
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 23:40:02.345987 2026] [security2:error] [pid 14599:tid 14599] [client 115.96.128.148:46317] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|bigholegolf.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bigholegolf.com"] [uri "/xmlrpc.php"] [unique_id "almkEgj6x5MiHR0pLEiElAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
QT
2026-07-17 01:02:13
(7 hours ago)
Unauthorised WordPress admin login attempted at 2026-07-17 11:02:12 +1000
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-16 22:22:37
(10 hours ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 21:52:19
(11 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 17:52:13.046897 2026] [security2:error] [pid 10273:tid 10273] [client 115.96.128.148:58262] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|kaldaragroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kaldaragroup.com"] [uri "/xmlrpc.php"] [unique_id "allSjQub2TqqQaxWqoeaMQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 17:43:36
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:43:29.940427 2026] [security2:error] [pid 18679:tid 18679] [client 115.96.128.148:54378] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|innolympics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "innolympics.com"] [uri "/xmlrpc.php"] [unique_id "alkYQazPNSLeN_KpDptirQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
jsjdmediallc
2026-07-16 16:40:04
(16 hours ago)
Auto-blocked: score 651 (threshold 10). Tier: HIGH. Hits: 129. Flags: xmlrpc, xmlrpc-burst, single-p ...
show more
Auto-blocked: score 651 (threshold 10). Tier: HIGH. Hits: 129. Flags: xmlrpc, xmlrpc-burst, single-path-flood. Paths: /xmlrpc.php, /xmlrpc.php, /xmlrpc.php, /xmlrpc.php, /xmlrpc.php
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 11:17:02
(21 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:48:45
(22 hours ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:48:37.203414 2026] [security2:error] [pid 30970:tid 30970] [client 115.96.128.148:42969] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|varnadorefamily.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "varnadorefamily.com"] [uri "/xmlrpc.php"] [unique_id "ali3BSW68mvBI83Ao8IxrQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-16 08:13:23
(1 day ago)
(wordpress) Failed wordpress login from 115.96.128.148 (IN/India/128.96.115.148.hathway.com)
Brute-Force
๐ง๐ช
cmbplf
2026-07-15 15:24:49
(1 day ago)
6.628 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-15 14:22:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 10:22:20.820181 2026] [security2:error] [pid 29685:tid 29685] [client 115.96.128.148:39366] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|brbcoin.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brbcoin.com"] [uri "/xmlrpc.php"] [unique_id "aleXnDtbzMGXTorK5mceCwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 13:53:30
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 115.96.128.148 (128.96.115.148.hathway.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 09:53:26.009153 2026] [security2:error] [pid 601560:tid 601560] [client 115.96.128.148:42011] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 115.96.128.148 (+1 hits since last alert)|nancyscafeandcatering.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nancyscafeandcatering.com"] [uri "/xmlrpc.php"] [unique_id "aleQ1t2gmOb3aqDpteHL0gAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack