๐บ๐ธ
TPI-Abuse
2026-07-09 08:12:06
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last ...
show more
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 04:11:59.045801 2026] [security2:error] [pid 1004720:tid 1004720] [client 121.52.157.140:2067] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 121.52.157.140 (+1 hits since last alert)|denkyusalesca.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "denkyusalesca.com"] [uri "/xmlrpc.php"] [unique_id "ak9Xz6tPosKaBf4QBcx2hAAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 08:09:16
(1 day ago)
[redacted] 121.52.157.140 - - [09/Jul/2026:10:08:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 121.52.157.140 - - [09/Jul/2026:10:08:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 121.52.157.140 - - [09/Jul/2026:10:08:44 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 121.52.157.140 - - [09/Jul/2026:10:08:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 121.52.157.140 - - [09/Jul/2026:10:09:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 121.52.157.140 - - [09/Jul/2026:10:09:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site10106608.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
kosada.com
2026-07-03 07:43:11
(1 week ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-30 07:38:39
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last ...
show more
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 03:38:31.463878 2026] [security2:error] [pid 17490:tid 17490] [client 121.52.157.140:2070] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 121.52.157.140 (+1 hits since last alert)|btsalesrep.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "btsalesrep.com"] [uri "/xmlrpc.php"] [unique_id "akNyd-28jHZqYiOr-pE5CAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-06-29 09:01:50
(1 week ago)
2026-06-29T11:01:49.422603+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication failure for-from 121 ...
show more
2026-06-29T11:01:49.422603+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication failure for-from 121.52.157.140
show less
Web App Attack
๐บ๐ธ
integrantservices.com
2026-06-29 08:10:48
(1 week ago)
(wordpress) Failed wordpress login from 121.52.157.140 (PK/Pakistan/qet-hec.gov.pk)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-24 10:29:30
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last ...
show more
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 06:29:26.020493 2026] [security2:error] [pid 24138:tid 24160] [client 121.52.157.140:2065] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 121.52.157.140 (+1 hits since last alert)|amazinglips.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "amazinglips.com"] [uri "/xmlrpc.php"] [unique_id "ajuxhuV3u8-nL3xXgYaQewAAAYk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
noise.agency
2026-06-24 08:56:29
(2 weeks ago)
(wordpress) Failed wordpress login from 121.52.157.140 (PK/Pakistan/qet-hec.gov.pk)
Brute-Force
๐ฉ๐ช
pscriptos
2026-06-24 08:24:51
(2 weeks ago)
{"ClientAddr":"121.52.157.140:2049","ClientHost":"121.52.157.140","ClientPort":"2049","ClientUsernam ...
show more
{"ClientAddr":"121.52.157.140:2049","ClientHost":"121.52.157.140","ClientPort":"2049","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":1052621157,"OriginContentSize":418,"OriginDuration":1048463705,"OriginStatus":403,"Overhead":4157452,"RequestAddr":"www.cleveradmin.de","RequestContentSize":722,"RequestCount":1293335,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-24T10:24:28.925107872+02:00","StartUTC":"2026-06-24T08:24:28.925107872Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-24T10:24:29+02:00"}
{"ClientAddr":"121.52.157.140:2049","ClientHost":"121.52.157.140
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 07:17:52
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last ...
show more
(mod_security) mod_security (id:240335) triggered by 121.52.157.140 (qet-hec.gov.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 03:17:47.689480 2026] [security2:error] [pid 22655:tid 22655] [client 121.52.157.140:2079] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 121.52.157.140 (+1 hits since last alert)|495metro.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "495metro.com"] [uri "/xmlrpc.php"] [unique_id "ajuEm8zCgFfeEQ3aKFRL1wAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-18 08:42:04
(3 weeks ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐ฉ๐ช
abdubhai
2026-06-18 06:12:40
(3 weeks ago)
121.52.157.140 - - [18/Jun/2026:
...
Brute-Force
๐ฉ๐ช
Marc
2026-06-16 08:09:39
(3 weeks ago)
121.52.157.140 - - [16/Jun/2026:10:09:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3419 "-" "Jetpack/12 ...
show more
121.52.157.140 - - [16/Jun/2026:10:09:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3419 "-" "Jetpack/12.5; WordPress/6.1; http://site88754372.com" 121.52.157.140 - - [16/Jun/2026:10:09:27 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3466 "-" "WordPress.com; https://wordpress.com" 121.52.157.140 - - [16/Jun/2026:10:09:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3467 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
show less
Brute-Force
Web App Attack
๐ฉ๐ช
rh24
2026-06-10 09:35:32
(1 month ago)
(wordpress) Failed wordpress login from 121.52.157.140 (PK/Pakistan/qet-hec.gov.pk): (CF_ENABLE)
Brute-Force
Anonymous
2026-06-09 09:34:48
(1 month ago)
Attac
Brute-Force