Anonymous
2026-07-07 09:02:22
(6 hours ago)
(wordpress) Failed wordpress login from 154.159.237.117 (KE/Kenya/117-237-159-154.r.airtelkenya.com)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-07 08:34:33
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 04:34:28.840489 2026] [security2:error] [pid 24519:tid 24519] [client 154.159.237.117:15070] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|thepercussionworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thepercussionworks.com"] [uri "/xmlrpc.php"] [unique_id "aky6FL6BM_3LnymAw6l1ggAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-06 15:00:26
(1 day ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-06 13:16:28
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 09:16:22.675117 2026] [security2:error] [pid 26256:tid 26256] [client 154.159.237.117:10961] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|rentkase.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rentkase.com"] [uri "/xmlrpc.php"] [unique_id "akuqprmnnepGUYK4WPIG9AAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
dbmwebdesign
2026-07-06 12:45:14
(1 day ago)
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 12:44:42
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 08:44:38.121978 2026] [security2:error] [pid 17341:tid 17341] [client 154.159.237.117:21896] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|ontimelogistiks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ontimelogistiks.com"] [uri "/xmlrpc.php"] [unique_id "akujNqWszeeEktLA3EtxzAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
n2nguyenn2nguyen
2026-07-06 03:03:00
(1 day ago)
Blocked by YFC Security on https://brixzly.com โ type: xmlrpc_attempts
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 15:10:38
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 11:10:34.616759 2026] [security2:error] [pid 317:tid 340] [client 154.159.237.117:30340] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|vancekelly.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "vancekelly.com"] [uri "/xmlrpc.php"] [unique_id "akkiavSPMZCoFOgCwMfFPAAAAFU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 06:10:32
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 02:10:27.133580 2026] [security2:error] [pid 2635:tid 2635] [client 154.159.237.117:27807] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|bikiniadvice.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bikiniadvice.com"] [uri "/xmlrpc.php"] [unique_id "akij0x8qHeHQ72CbMeetqAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 14:06:44
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 10:06:36.842519 2026] [security2:error] [pid 13600:tid 13600] [client 154.159.237.117:37934] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|radicalchange.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "radicalchange.org"] [uri "/xmlrpc.php"] [unique_id "akfB7HKqfgfZ5oOVrEkUKQAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 13:06:08
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya. ...
show more
(mod_security) mod_security (id:240335) triggered by 154.159.237.117 (117-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 09:06:01.030942 2026] [security2:error] [pid 8029:tid 8029] [client 154.159.237.117:17112] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.159.237.117 (+1 hits since last alert)|latentpixel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "latentpixel.com"] [uri "/xmlrpc.php"] [unique_id "akezufHPFmSbkT0et_MhDQAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-07-03 12:07:08
(4 days ago)
(xmlrpc) Failed xmlrpc access from 154.159.237.117 (KE/Kenya/117-237-159-154.r.airtelkenya.com): 5 i ...
show more
(xmlrpc) Failed xmlrpc access from 154.159.237.117 (KE/Kenya/117-237-159-154.r.airtelkenya.com): 5 in the last 3600 secs (0-122)
show less
Hacking
๐ฉ๐ช
pscriptos
2026-07-03 11:01:01
(4 days ago)
{"ClientAddr":"154.159.237.117:34695","ClientHost":"154.159.237.117","ClientPort":"34695","ClientUse ...
show more
{"ClientAddr":"154.159.237.117:34695","ClientHost":"154.159.237.117","ClientPort":"34695","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":672935731,"OriginContentSize":418,"OriginDuration":668509995,"OriginStatus":403,"Overhead":4425736,"RequestAddr":"www.cleveradmin.de","RequestContentSize":728,"RequestCount":192054,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-07-03T13:00:41.229427482+02:00","StartUTC":"2026-07-03T11:00:41.229427482Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-07-03T13:00:41+02:00"}
{"ClientAddr":"154.159.237.117:34695","ClientHost":"154.159.237
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
kosada.com
2026-06-29 07:15:12
(1 week ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐ซ๐ฎ
danskefilm.dk
2026-05-29 15:25:01
(1 month ago)
Mail spam, spamassassin score over 20 points
Email Spam