Anonymous
2026-07-14 02:15:05
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 02:02:20
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 22:02:12.562573 2026] [security2:error] [pid 8060:tid 8060] [client 150.228.149.235:24311] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.149.235 (+1 hits since last alert)|kiinlog.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kiinlog.com"] [uri "/xmlrpc.php"] [unique_id "alWYpKO9mimqpAOZdSDuqAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 18:26:22
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 14:26:15.612695 2026] [security2:error] [pid 789:tid 818] [client 150.228.149.235:29323] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.149.235 (+1 hits since last alert)|whatismetamodern.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whatismetamodern.com"] [uri "/xmlrpc.php"] [unique_id "alUtxzenFbTu-RR2-rXrJwAAAQA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-13 17:43:16
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TAY
2026-07-13 17:42:56
(2 days ago)
150.228.149.235 - - [14/Jul/2026:01:42:34 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "WordPress ...
show more
150.228.149.235 - - [14/Jul/2026:01:42:34 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "WordPress.com; https://wordpress.com"
150.228.149.235 - - [14/Jul/2026:01:42:45 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "WordPress.com; https://wordpress.com"
150.228.149.235 - - [14/Jul/2026:01:42:56 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-13 16:47:31
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 12:47:23.733284 2026] [security2:error] [pid 500:tid 500] [client 150.228.149.235:48852] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.149.235 (+1 hits since last alert)|assheton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "assheton.com"] [uri "/xmlrpc.php"] [unique_id "alUWmzcHYPk75oMR8kbrKgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-07-13 16:33:38
(2 days ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 12:09:28
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink ...
show more
(mod_security) mod_security (id:240335) triggered by 150.228.149.235 (customer.sngesgp1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 08:09:21.778374 2026] [security2:error] [pid 3282394:tid 3282394] [client 150.228.149.235:44782] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.228.149.235 (+1 hits since last alert)|myomni.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "myomni.us"] [uri "/xmlrpc.php"] [unique_id "alTVcRCDsDpqn4FkFwERKAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
A000Z
2026-04-05 04:37:08
(3 months ago)
Fail2Ban: 150.228.149.235 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/ ...
show more
Fail2Ban: 150.228.149.235 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.5679.1106 Safari/537.36
show less
Bad Web Bot
๐บ๐ธ
SiliSoftware
2026-03-02 07:16:09
(4 months ago)
/phpBB3/viewforum.php?f=7&sid=6b1e707d4032fa40f23245f3321ec127
Web App Attack