๐ฉ๐ช
rh24
2026-07-10 07:47:22
(12 hours ago)
(xmlrpc_405) XMLRPC-Bot 405 120.28.197.237 (PH/Philippines/-)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-07 11:52:19
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 07:52:11.084250 2026] [security2:error] [pid 10277:tid 10277] [client 120.28.197.237:25769] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.28.197.237 (+1 hits since last alert)|luxandunion.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "luxandunion.com"] [uri "/xmlrpc.php"] [unique_id "akzoazuPeGWMw9O067OsFwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-07 11:31:28
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-06 10:35:12
(4 days ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.nikolopoulos-dikigoros.gr; logs=/var/log/httpd/domains/n ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.nikolopoulos-dikigoros.gr; logs=/var/log/httpd/domains/nikolopoulos-dikigoros.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
Anonymous
2026-07-06 09:39:02
(4 days ago)
(wordpress) Failed wordpress login from 120.28.197.237 (PH/Philippines/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-05 19:52:56
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 15:52:51.250457 2026] [security2:error] [pid 21164:tid 21164] [client 120.28.197.237:63696] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.28.197.237 (+1 hits since last alert)|abcollie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abcollie.com"] [uri "/xmlrpc.php"] [unique_id "akq2E4LEy3TN93J1cL0zqAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-05 19:40:53
(5 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-05 15:38:10
(5 days ago)
(xmlrpc) Failed xmlrpc access from 120.28.197.237 (PH/Philippines/-): 5 in the last 3600 secs (0-122 ...
show more
(xmlrpc) Failed xmlrpc access from 120.28.197.237 (PH/Philippines/-): 5 in the last 3600 secs (0-122)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-05 00:53:38
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 20:53:30.274799 2026] [security2:error] [pid 23872:tid 23872] [client 120.28.197.237:27138] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.28.197.237 (+1 hits since last alert)|kaldaragroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kaldaragroup.com"] [uri "/xmlrpc.php"] [unique_id "akmrCrlcV-8AeV73Z4u7hAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-04 08:53:18
(6 days ago)
(xmlrpc) Apache: Failed xmlrpc access from 120.28.197.237 (PH/Philippines/-): 10 in the last 3600 se ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 120.28.197.237 (PH/Philippines/-): 10 in the last 3600 secs (0-201)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-16 08:09:48
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:09:41.994925 2026] [security2:error] [pid 8640:tid 8640] [client 120.28.197.237:58561] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.28.197.237 (+1 hits since last alert)|portlunchgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "portlunchgroup.com"] [uri "/xmlrpc.php"] [unique_id "ajEExb5sDjr4O3BmD7fyxQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-16 05:55:05
(3 weeks ago)
120.28.197.237 - - [16/Jun/2026:07:54:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.c ...
show more
120.28.197.237 - - [16/Jun/2026:07:54:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
120.28.197.237 - - [16/Jun/2026:07:54:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
120.28.197.237 - - [16/Jun/2026:07:54:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
120.28.197.237 - - [16/Jun/2026:07:54:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
120.28.197.237 - - [16/Jun/2026:07:55:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 05:08:52
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 01:08:46.748155 2026] [security2:error] [pid 31191:tid 31191] [client 120.28.197.237:51525] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.28.197.237 (+1 hits since last alert)|daebakdesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "daebakdesign.com"] [uri "/xmlrpc.php"] [unique_id "ajDaXqZDf8_kdZIFvfcATQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 02:29:15
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 120.28.197.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 22:29:10.535283 2026] [security2:error] [pid 12596:tid 12596] [client 120.28.197.237:44237] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.28.197.237 (+1 hits since last alert)|jbernsteinpc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jbernsteinpc.com"] [uri "/xmlrpc.php"] [unique_id "ajC09sY5pmFjBOuMoUZj9gAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-06-14 14:25:25
(3 weeks ago)
120.28.197.237 - [14/Jun/2026:17:25:16 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "WordPress.com ...
show more
120.28.197.237 - [14/Jun/2026:17:25:16 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "WordPress.com; https://wordpress.com" "-"
120.28.197.237 - [14/Jun/2026:17:25:25 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" "-"
...
show less
Hacking
Brute-Force
Web App Attack