Anonymous
2026-06-27 19:34:02
(3 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 19:05:42
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:05:33.686458 2026] [security2:error] [pid 26011:tid 26011] [client 152.52.126.86:60895] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|virtualmediamasters.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "virtualmediamasters.net"] [uri "/xmlrpc.php"] [unique_id "akAe_UttlRi5EVP6VJYT_AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2026-06-27 17:00:07
(3 days ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-27 13:44:20
(3 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 10:13:24
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:13:17.849430 2026] [security2:error] [pid 29925:tid 29925] [client 152.52.126.86:60835] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|my-spec.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "my-spec.com"] [uri "/xmlrpc.php"] [unique_id "aj-iPY1WZd6yokbnt9ddogAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 08:39:32
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 04:39:26.495691 2026] [security2:error] [pid 25580:tid 25580] [client 152.52.126.86:51531] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|agworldmissions.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "agworldmissions.org"] [uri "/xmlrpc.php"] [unique_id "aj-MPkv3EChqlcDcfEnBlwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 05:53:45
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 01:53:38.983488 2026] [security2:error] [pid 15772:tid 15772] [client 152.52.126.86:64126] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|brushmileage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brushmileage.org"] [uri "/xmlrpc.php"] [unique_id "aj9lYrlXU0PHVB54jcbxGAAAACo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Tha_14
2026-06-27 04:52:45
(3 days ago)
Limit on login attempts is reached
Brute-Force
Anonymous
2026-06-27 03:07:46
(3 days ago)
[redacted] 152.52.126.86 - - [27/Jun/2026:05:07:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ...
show more
[redacted] 152.52.126.86 - - [27/Jun/2026:05:07:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site22320170.com"
[redacted] 152.52.126.86 - - [27/Jun/2026:05:07:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 152.52.126.86 - - [27/Jun/2026:05:07:23 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 152.52.126.86 - - [27/Jun/2026:05:07:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 152.52.126.86 - - [27/Jun/2026:05:07:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 00:36:05
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 20:36:01.211388 2026] [security2:error] [pid 6577:tid 6577] [client 152.52.126.86:50365] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|visionremota.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "visionremota.info"] [uri "/xmlrpc.php"] [unique_id "aj8a8ZNyPPFRy3GK5iL5fAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-06-26 23:26:46
(3 days ago)
3.679 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-26 23:04:31
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:04:26.111090 2026] [security2:error] [pid 4325:tid 4325] [client 152.52.126.86:62079] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|nomorenicenice.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nomorenicenice.net"] [uri "/xmlrpc.php"] [unique_id "aj8FeunFREZmTQE96CDIsAAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
tecnicorioja
2026-06-26 22:00:09
(3 days ago)
POST /xmlrpc.php [26/Jun/2026:12:26:01
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 18:15:41
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 14:15:32.866646 2026] [security2:error] [pid 10766:tid 10780] [client 152.52.126.86:61803] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|reghay.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reghay.com"] [uri "/xmlrpc.php"] [unique_id "aj7BxEXhcHnxVdlmykRQEAAAAMk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 06:25:42
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 152.52.126.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 02:25:37.547663 2026] [security2:error] [pid 20126:tid 20126] [client 152.52.126.86:54068] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 152.52.126.86 (+1 hits since last alert)|garanta.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "garanta.co"] [uri "/xmlrpc.php"] [unique_id "ajom4fOfjCZbv3Mi5YqrFAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack