🇲🇾
Rizzy
2026-07-14 18:25:56
(2 days ago)
Multiple WAF Violations
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 16:47:39
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.net.do): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 12:47:32.993251 2026] [security2:error] [pid 23078:tid 23078] [client 148.101.197.220:59037] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 148.101.197.220 (+1 hits since last alert)|kiinlog.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kiinlog.com"] [uri "/xmlrpc.php"] [unique_id "alZoJDOG5AWaHAMkallnpwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
oralunal
2026-07-14 14:32:28
(2 days ago)
IP banned by Fail2Ban in jail oral-suss access.log mvfnds
...
Bad Web Bot
Web App Attack
🇫🇷
Lunix
2026-07-14 13:16:55
(2 days ago)
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 12:47:43
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.net.do): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 08:47:39.392948 2026] [security2:error] [pid 20577:tid 20577] [client 148.101.197.220:59214] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 148.101.197.220 (+1 hits since last alert)|calvarycavaliers.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "calvarycavaliers.org"] [uri "/xmlrpc.php"] [unique_id "alYv64f9pwmw2bDQL3BQQQAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 03:39:28
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.net.do): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 23:39:24.106690 2026] [security2:error] [pid 6115:tid 6115] [client 148.101.197.220:56776] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 148.101.197.220 (+1 hits since last alert)|johncyphers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "johncyphers.com"] [uri "/xmlrpc.php"] [unique_id "alWvbJ_XtApmUtrsSnCc8wAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 03:33:59
(3 days ago)
[redacted] 148.101.197.220 - - [14/Jul/2026:05:33:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 148.101.197.220 - - [14/Jul/2026:05:33:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 148.101.197.220 - - [14/Jul/2026:05:33:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 148.101.197.220 - - [14/Jul/2026:05:33:36 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.1; http://site19589869.com"
[redacted] 148.101.197.220 - - [14/Jul/2026:05:33:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
[redacted] 148.101.197.220 - - [14/Jul/2026:05:33:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.1; http://site52161185.com"
...
show less
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-07-14 00:33:11
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.ne ...
show more
(mod_security) mod_security (id:240335) triggered by 148.101.197.220 (220.197.101.148.d.dyn.claro.net.do): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 20:33:05.457241 2026] [security2:error] [pid 20346:tid 20346] [client 148.101.197.220:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 148.101.197.220 (+1 hits since last alert)|pixacast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pixacast.com"] [uri "/xmlrpc.php"] [unique_id "alWDwWzrtki0BHX22tK3cQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 00:30:21
(3 days ago)
(wordpress) Failed wordpress login from 148.101.197.220 (DO/Dominican Republic/220.197.101.148.d.dyn ...
show more
(wordpress) Failed wordpress login from 148.101.197.220 (DO/Dominican Republic/220.197.101.148.d.dyn.claro.net.do)
show less
Brute-Force
🇳🇱
debestelapp
2026-07-13 23:10:04
(3 days ago)
Web App Attack
Anonymous
2026-07-13 22:15:13
(3 days ago)
[redacted] 148.101.197.220 - - [14/Jul/2026:00:14:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 148.101.197.220 - - [14/Jul/2026:00:14:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
[redacted] 148.101.197.220 - - [14/Jul/2026:00:14:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 148.101.197.220 - - [14/Jul/2026:00:14:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site10922606.com"
[redacted] 148.101.197.220 - - [14/Jul/2026:00:15:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
[redacted] 148.101.197.220 - - [14/Jul/2026:00:15:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
Anonymous
2026-07-13 18:18:26
(3 days ago)
148.101.197.220 - - [13/Jul/2026:20:18:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress. ...
show more
148.101.197.220 - - [13/Jul/2026:20:18:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com"
148.101.197.220 - - [13/Jul/2026:20:18:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
148.101.197.220 - - [13/Jul/2026:20:18:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
148.101.197.220 - - [13/Jul/2026:20:18:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
148.101.197.220 - - [13/Jul/2026:20:18:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
...
show less
Brute-Force
Web App Attack