๐บ๐ธ
TPI-Abuse
2026-07-11 04:27:52
(55 minutes ago)
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 00:27:44.284668 2026] [security2:error] [pid 7867:tid 7867] [client 125.166.117.92:27323] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 125.166.117.92 (+1 hits since last alert)|bergenoaks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bergenoaks.com"] [uri "/xmlrpc.php"] [unique_id "alHGQFbhmSLG7_QKQk9bRgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฑ๐ป
garmtech.com
2026-07-10 06:43:14
(22 hours ago)
IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 03:24:00
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 23:23:56.458329 2026] [security2:error] [pid 30114:tid 30114] [client 125.166.117.92:5053] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 125.166.117.92 (+1 hits since last alert)|soundtrax.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "soundtrax.net"] [uri "/xmlrpc.php"] [unique_id "alBlzB1wdSNXNc4pu_ByowAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
cwytech
2026-07-10 01:24:31
(1 day ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 06:13:21
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:13:13.750539 2026] [security2:error] [pid 22099:tid 22099] [client 125.166.117.92:16926] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 125.166.117.92 (+1 hits since last alert)|greensandbeans.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "greensandbeans.us"] [uri "/xmlrpc.php"] [unique_id "ak87-ahGgmD-LYBH35NeHQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-09 03:37:17
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 03:08:44
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:08:35.742649 2026] [security2:error] [pid 17243:tid 17243] [client 125.166.117.92:8019] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 125.166.117.92 (+1 hits since last alert)|dogarttoday.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dogarttoday.com"] [uri "/xmlrpc.php"] [unique_id "ak8Qs8CS9HXey2oguovbngAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 03:41:44
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 23:41:41.299220 2026] [security2:error] [pid 30863:tid 30863] [client 125.166.117.92:23740] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 125.166.117.92 (+1 hits since last alert)|huntingforebears.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "huntingforebears.com"] [uri "/xmlrpc.php"] [unique_id "ak3G9VbYkKKC9WhH4rWKnQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-08 01:26:34
(3 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐ณ๐ฑ
debestelapp
2026-07-07 19:55:06
(3 days ago)
Web App Attack
Anonymous
2026-07-07 02:55:16
(4 days ago)
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 01:54:55
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 125.166.117.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 21:54:52.328534 2026] [security2:error] [pid 20507:tid 20507] [client 125.166.117.92:6538] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 125.166.117.92 (+1 hits since last alert)|gegkal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gegkal.com"] [uri "/xmlrpc.php"] [unique_id "akxcbAcdm_MQ4gQ3CESjzwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-07 01:23:28
(4 days ago)
(wordpress) Failed wordpress login from 125.166.117.92 (ID/Indonesia/-)
Brute-Force
๐ฉ๐ช
DocNetzwerk
2026-07-06 09:16:03
(4 days ago)
125.166.117.92 (ID/Indonesia/-), more than 7 Apache 403 hits
Hacking
Anonymous
2026-07-06 08:45:37
(4 days ago)
Fail2Ban WordPress login brute-force detected
Brute-Force
Web App Attack