๐บ๐ธ
TPI-Abuse
2026-07-09 13:00:00
(18 hours ago)
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 08:59:55.362476 2026] [security2:error] [pid 27944:tid 27944] [client 149.54.20.214:49412] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 149.54.20.214 (+1 hits since last alert)|slattery-law.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "slattery-law.com"] [uri "/xmlrpc.php"] [unique_id "ak-bS6hKzU61KaKgcUHpogAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-09 10:26:13
(21 hours ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-09 07:14:03
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 03:13:59.474526 2026] [security2:error] [pid 22407:tid 22407] [client 149.54.20.214:64639] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 149.54.20.214 (+1 hits since last alert)|modalsoftware.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "modalsoftware.com"] [uri "/xmlrpc.php"] [unique_id "ak9KN58HauqJ36nX0HGhZgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 12:15:37
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 08:15:31.030520 2026] [security2:error] [pid 16178:tid 16178] [client 149.54.20.214:63103] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 149.54.20.214 (+1 hits since last alert)|deborahbein.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "deborahbein.com"] [uri "/xmlrpc.php"] [unique_id "aj--42T-aL1cCnh-g56z5gAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 10:27:42
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 06:27:38.193723 2026] [security2:error] [pid 24974:tid 24974] [client 149.54.20.214:65154] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 149.54.20.214 (+1 hits since last alert)|keychainfilms.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "keychainfilms.com"] [uri "/xmlrpc.php"] [unique_id "ajZrGqoQ9kl-RWRPyNlmfAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-20 10:24:53
(2 weeks ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
Anonymous
2026-04-16 09:48:12
(2 months ago)
149.54.20.214 - - [16/Apr/2026:17:48:11 +0800] "POST /xmlrpc.php HTTP/1.1" 404 300230 "-" "Mozilla/5 ...
show more
149.54.20.214 - - [16/Apr/2026:17:48:11 +0800] "POST /xmlrpc.php HTTP/1.1" 404 300230 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/99.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-13 10:24:37
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 06:24:30.224570 2026] [security2:error] [pid 1825579:tid 1825579] [client 149.54.20.214:57173] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||baselinesc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "baselinesc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adzEXmwXTMx59W20lU_w2QAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-11 07:30:48
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 11 03:30:40.431267 2026] [security2:error] [pid 4192546:tid 4192567] [client 149.54.20.214:60523] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||aafm.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "aafm.us"] [uri "/wp-json/wp/v2/users"] [unique_id "adn4oDgciPE5aTDMLL8-bAAAAVI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-04-08 09:55:43
(3 months ago)
Try to access /xmlrpc.php
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-04-06 10:21:42
(3 months ago)
Unauthorized access to webpage admin
Web App Attack
๐ซ๐ท
dynamix
2026-04-05 07:52:13
(3 months ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-04 07:47:59
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 149.54.20.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 03:47:54.423065 2026] [security2:error] [pid 2323:tid 2323] [client 149.54.20.214:55139] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||38floorsupply.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "38floorsupply.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adDCKvAJDJItxcNEVEJOOQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
factor1
2026-04-02 09:23:36
(3 months ago)
Fail2ban at saturn Reports Abuse.
Bad Web Bot
Anonymous
2026-04-02 07:46:19
(3 months ago)
...
Web App Attack