๐ช๐ธ
masterguru
2026-07-01 12:56:09
(5 hours ago)
(xmlrpc) Failed xmlrpc access from 120.29.69.139 (PH/Philippines/139.69.29.120-rev.convergeict.com): ...
show more
(xmlrpc) Failed xmlrpc access from 120.29.69.139 (PH/Philippines/139.69.29.120-rev.convergeict.com): 5 in the last 3600 secs (0-122)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-01 08:52:51
(9 hours ago)
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.co ...
show more
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 04:52:47.021326 2026] [security2:error] [pid 9396:tid 9396] [client 120.29.69.139:9476] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.29.69.139 (+1 hits since last alert)|engineeringarts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "engineeringarts.com"] [uri "/xmlrpc.php"] [unique_id "akTVX-4DA0DBlqhHu228jwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 07:53:19
(10 hours ago)
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.co ...
show more
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 03:53:15.706615 2026] [security2:error] [pid 11134:tid 11134] [client 120.29.69.139:10216] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.29.69.139 (+1 hits since last alert)|thenutritionfixhollysprings.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thenutritionfixhollysprings.com"] [uri "/xmlrpc.php"] [unique_id "akTHa4o51lPXY-F2W3bILwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 05:28:26
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.co ...
show more
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 01:28:22.238563 2026] [security2:error] [pid 14885:tid 14885] [client 120.29.69.139:27689] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.29.69.139 (+1 hits since last alert)|lukeschicago.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lukeschicago.com"] [uri "/xmlrpc.php"] [unique_id "akSldgIIwl4sRBrkNvNU4gAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-26 13:52:52
(5 days ago)
[redacted] 120.29.69.139 - - [26/Jun/2026:15:52:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ...
show more
[redacted] 120.29.69.139 - - [26/Jun/2026:15:52:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.3; http://site38000847.com"
[redacted] 120.29.69.139 - - [26/Jun/2026:15:52:17 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 120.29.69.139 - - [26/Jun/2026:15:52:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 120.29.69.139 - - [26/Jun/2026:15:52:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 120.29.69.139 - - [26/Jun/2026:15:52:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 12:58:50
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.co ...
show more
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 08:58:46.456384 2026] [security2:error] [pid 19073:tid 19073] [client 120.29.69.139:60509] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.29.69.139 (+1 hits since last alert)|caralis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caralis.com"] [uri "/xmlrpc.php"] [unique_id "aj53hoW6nLljckQeVvb05AAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-06-23 08:00:29
(1 week ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐ช๐ธ
masterguru
2026-06-23 06:40:48
(1 week ago)
(xmlrpc) Failed xmlrpc access from 120.29.69.139 (PH/Philippines/139.69.29.120-rev.convergeict.com): ...
show more
(xmlrpc) Failed xmlrpc access from 120.29.69.139 (PH/Philippines/139.69.29.120-rev.convergeict.com): 5 in the last 3600 secs (0-122)
show less
Hacking
Anonymous
2026-06-23 05:34:35
(1 week ago)
Fail2ban filtered
...
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 05:17:01
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.co ...
show more
(mod_security) mod_security (id:240335) triggered by 120.29.69.139 (139.69.29.120-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 01:16:53.294200 2026] [security2:error] [pid 24970:tid 24970] [client 120.29.69.139:60294] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 120.29.69.139 (+1 hits since last alert)|abcollie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abcollie.com"] [uri "/xmlrpc.php"] [unique_id "ajjFRbQJ5Sk2koUiGajbwgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-22 04:44:18
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/139.69.29.120-rev.convergeict.com
Web App Attack
Anonymous
2026-02-09 05:44:20
(4 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
Anonymous
2026-01-13 08:21:09
(5 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
Anonymous
2025-10-29 07:37:07
(8 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
Anonymous
2025-08-24 02:05:56
(10 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host