2026-06-08 08:12:06
(10 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 06:20:43
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:20:35.018477 2026] [security2:error] [pid 24589:tid 24589] [client 136.158.66.127:46482] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.158.66.127 (+1 hits since last alert)|enjoymycondos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "enjoymycondos.com"] [uri "/xmlrpc.php"] [unique_id "aiZfM7GiT4zrZ4_I-RY1hQAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΈπͺ
konseptit
2026-06-05 18:11:46
(3 days ago)
(wordpress) Failed wordpress login from 136.158.66.127 (PH/Philippines/127.66.158.136.convergeict.co ...
show more
(wordpress) Failed wordpress login from 136.158.66.127 (PH/Philippines/127.66.158.136.convergeict.com)
show less
Brute-Force
πΊπΈ
TPI-Abuse
2026-06-05 14:03:00
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 10:02:53.434276 2026] [security2:error] [pid 28234:tid 28234] [client 136.158.66.127:60302] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.158.66.127 (+1 hits since last alert)|takemehomedogrescue.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "takemehomedogrescue.org"] [uri "/xmlrpc.php"] [unique_id "aiLXDcqlzLcJ_ynZPJyKfAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2026-06-05 12:22:47
(3 days ago)
Attac
Brute-Force
π©πͺ
abdubhai
2026-06-05 10:30:06
(3 days ago)
136.158.66.127 - - [05/Jun/2026:
...
Brute-Force
π³π±
Site.eu
2026-06-05 09:36:39
(3 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
π¦πΊ
screwlooseit.com.au
2026-06-05 09:35:04
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
PH/Philippines/127.66.158.136.convergeict.com
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-05 07:40:52
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 03:40:43.985858 2026] [security2:error] [pid 25840:tid 25840] [client 136.158.66.127:25936] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.158.66.127 (+1 hits since last alert)|exhaustthelimits.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "exhaustthelimits.org"] [uri "/xmlrpc.php"] [unique_id "aiJ9ezTYolF4dJnCmy1e5gAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2026-06-05 06:37:13
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-05 04:37:12
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 00:37:08.615940 2026] [security2:error] [pid 12601:tid 12601] [client 136.158.66.127:52634] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.158.66.127 (+1 hits since last alert)|wurkroom.biz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wurkroom.biz"] [uri "/xmlrpc.php"] [unique_id "aiJSdLWYJABe1MZfiW5NDAAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
Kenshin869
2026-06-04 13:51:46
(4 days ago)
Wordpress unauthorized access attempt
Brute-Force
π³π±
Site.eu
2026-06-04 02:45:54
(4 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
πΊπΈ
TPI-Abuse
2026-06-03 00:38:51
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:38:45.759575 2026] [security2:error] [pid 19189:tid 19200] [client 136.158.66.127:56995] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.158.66.127 (+1 hits since last alert)|whatismetamodern.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whatismetamodern.com"] [uri "/xmlrpc.php"] [unique_id "ah93lRahZWVomdqlbwvFOQAAAEk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-02 13:18:43
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:240335) triggered by 136.158.66.127 (127.66.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 09:18:39.590534 2026] [security2:error] [pid 1653:tid 1653] [client 136.158.66.127:14884] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.158.66.127 (+1 hits since last alert)|drwolberg.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drwolberg.com"] [uri "/xmlrpc.php"] [unique_id "ah7YL65SQreR1ajaFsIL4gAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack