๐บ๐ธ
integrantservices.com
2026-07-10 06:11:16
(2 hours ago)
(wordpress) Failed wordpress login from 154.192.5.52 (PK/Pakistan/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-10 04:10:51
(4 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 00:10:48.307699 2026] [security2:error] [pid 14834:tid 14862] [client 154.192.5.52:61640] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.192.5.52 (+1 hits since last alert)|tkfay.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tkfay.com"] [uri "/xmlrpc.php"] [unique_id "alBwyDEI6SmaEyunY4dM2AAAARg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-10 02:07:02
(6 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฒ๐พ
Rizzy
2026-07-10 02:06:26
(6 hours ago)
Multiple WAF Violations
Brute-Force
Web App Attack
Anonymous
2026-07-10 00:02:18
(8 hours ago)
[redacted] 154.192.5.52 - - [10/Jul/2026:02:01:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Wo ...
show more
[redacted] 154.192.5.52 - - [10/Jul/2026:02:01:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 154.192.5.52 - - [10/Jul/2026:02:01:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)"
[redacted] 154.192.5.52 - - [10/Jul/2026:02:01:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 154.192.5.52 - - [10/Jul/2026:02:02:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 154.192.5.52 - - [10/Jul/2026:02:02:17 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 23:03:09
(9 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 19:03:05.619699 2026] [security2:error] [pid 18184:tid 18184] [client 154.192.5.52:62056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.192.5.52 (+1 hits since last alert)|kbalan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kbalan.com"] [uri "/xmlrpc.php"] [unique_id "alAoqbfFpeOCtgivRznL2QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 21:49:45
(10 hours ago)
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 17:49:40.094606 2026] [security2:error] [pid 4878:tid 4878] [client 154.192.5.52:61502] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.192.5.52 (+1 hits since last alert)|bigislandhawaiirealestate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bigislandhawaiirealestate.com"] [uri "/xmlrpc.php"] [unique_id "alAXdHj7EDZccYCmQyxIXAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-09 20:36:06
(11 hours ago)
{"ClientAddr":"154.192.5.52:61581","ClientHost":"154.192.5.52","ClientPort":"61581","ClientUsername" ...
show more
{"ClientAddr":"154.192.5.52:61581","ClientHost":"154.192.5.52","ClientPort":"61581","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":410390397,"OriginContentSize":418,"OriginDuration":405414100,"OriginStatus":403,"Overhead":4976297,"RequestAddr":"www.cleveradmin.de","RequestContentSize":708,"RequestCount":718592,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-07-09T22:35:44.964910451+02:00","StartUTC":"2026-07-09T20:35:44.964910451Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-07-09T22:35:45+02:00"}
{"ClientAddr":"154.192.5.52:61581","ClientHost":"154.192.5.52","Clien
...
show less
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-09 11:40:13
(20 hours ago)
(xmlrpc) Failed xmlrpc access from 154.192.5.52 (PK/Pakistan/-): 5 in the last 3600 secs (0-122)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-09 07:20:49
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 03:20:46.144397 2026] [security2:error] [pid 17382:tid 17382] [client 154.192.5.52:62043] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.192.5.52 (+1 hits since last alert)|lighthousescm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lighthousescm.com"] [uri "/xmlrpc.php"] [unique_id "ak9LzglQybDScM6uIYOr7gAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 05:38:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 01:38:26.980486 2026] [security2:error] [pid 5970:tid 5970] [client 154.192.5.52:62357] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.192.5.52 (+1 hits since last alert)|odysseydogasporlari.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "odysseydogasporlari.com"] [uri "/xmlrpc.php"] [unique_id "ak8z0jUqWOFFO4_77Yk3wAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 05:05:28
(1 day ago)
[redacted] 154.192.5.52 - - [09/Jul/2026:07:04:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Wo ...
show more
[redacted] 154.192.5.52 - - [09/Jul/2026:07:04:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 154.192.5.52 - - [09/Jul/2026:07:04:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site29785175.com"
[redacted] 154.192.5.52 - - [09/Jul/2026:07:05:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 154.192.5.52 - - [09/Jul/2026:07:05:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 154.192.5.52 - - [09/Jul/2026:07:05:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
show less
Hacking
Web App Attack
๐ซ๐ท
LRob
2026-07-08 23:29:27
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com","Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)","Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)","WordPre
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 22:58:57
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 154.192.5.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 18:58:50.081014 2026] [security2:error] [pid 6107:tid 6107] [client 154.192.5.52:61951] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.192.5.52 (+1 hits since last alert)|telecompros.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "telecompros.net"] [uri "/xmlrpc.php"] [unique_id "ak7WKnPnQ07iCstwGh4qQQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-08 20:11:13
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)","WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.
show less
Brute-Force
Web App Attack