๐ช๐ธ
alferez
2026-07-11 13:46:12
(1 day ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 13:31:17
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 09:31:13.229837 2026] [security2:error] [pid 29741:tid 29741] [client 150.129.28.110:51253] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|visionremota.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "visionremota.info"] [uri "/xmlrpc.php"] [unique_id "alJFob_2WqOZR03cPPOKywAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 12:04:27
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 08:04:15.111535 2026] [security2:error] [pid 25878:tid 25891] [client 150.129.28.110:57769] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|tomithai.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomithai.com"] [uri "/xmlrpc.php"] [unique_id "alIxP6lG7EiF6BZFdy6nmQAAAEs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 09:51:10
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 05:51:02.990346 2026] [security2:error] [pid 23991:tid 23991] [client 150.129.28.110:56714] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|rochesterhistorical.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rochesterhistorical.org"] [uri "/xmlrpc.php"] [unique_id "alISBuAI4a2wiY1cURzlewAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-11 08:15:52
(1 day ago)
{"ClientAddr":"150.129.28.110:63792","ClientHost":"150.129.28.110","ClientPort":"63792","ClientUsern ...
show more
{"ClientAddr":"150.129.28.110:63792","ClientHost":"150.129.28.110","ClientPort":"63792","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":125599081,"OriginContentSize":418,"OriginDuration":121027345,"OriginStatus":403,"Overhead":4571736,"RequestAddr":"www.cleveradmin.de","RequestContentSize":711,"RequestCount":851293,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-07-11T10:15:31.493913845+02:00","StartUTC":"2026-07-11T08:15:31.493913845Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-07-11T10:15:31+02:00"}
{"ClientAddr":"150.129.28.110:63792","ClientHost":"150.129.28.110
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 07:43:09
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 03:43:05.243114 2026] [security2:error] [pid 10538:tid 10538] [client 150.129.28.110:60084] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|seskalee.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seskalee.com"] [uri "/xmlrpc.php"] [unique_id "alH0CWGz5S2BSmwpW8C6igAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-11 07:40:08
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-10 13:44:03
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ฉ๐ช
rh24
2026-07-10 13:13:27
(2 days ago)
(xmlrpc_405) XMLRPC-Bot 405 150.129.28.110 (IN/India/110-28-129-150.dnainfotel.com)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-10 12:04:10
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 08:04:06.648420 2026] [security2:error] [pid 13460:tid 13460] [client 150.129.28.110:62629] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|darkalleyproductions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "darkalleyproductions.com"] [uri "/xmlrpc.php"] [unique_id "alDftvOlLZ6SKKLXsZchjAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 11:30:47
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 07:30:35.010874 2026] [security2:error] [pid 17767:tid 17767] [client 150.129.28.110:61495] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|bestcostparts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bestcostparts.com"] [uri "/xmlrpc.php"] [unique_id "alDX2yiUp5xGsxjv5Qg9xgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-10 10:21:19
(2 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-10 08:30:28
(2 days ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-10 06:09:50
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 02:09:45.901186 2026] [security2:error] [pid 23346:tid 23346] [client 150.129.28.110:60022] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|whiterapperz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whiterapperz.com"] [uri "/xmlrpc.php"] [unique_id "alCMqWyoZpExVURVmrvdPQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 05:21:08
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): ...
show more
(mod_security) mod_security (id:240335) triggered by 150.129.28.110 (110-28-129-150.dnainfotel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 01:21:03.487181 2026] [security2:error] [pid 3934:tid 3934] [client 150.129.28.110:57511] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.129.28.110 (+1 hits since last alert)|palumbodesigns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "palumbodesigns.com"] [uri "/xmlrpc.php"] [unique_id "alCBPxqwc9BlHc8S8RtLPQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack