๐ฉ๐ช
Vegascosmetics
2026-06-27 15:19:29
(3 days ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security
DDoS Attack
Hacking
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-06-26 11:34:52
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 07:34:47.560649 2026] [security2:error] [pid 10105:tid 10105] [client 154.208.47.194:65115] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|rentkase.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rentkase.com"] [uri "/xmlrpc.php"] [unique_id "aj5j15-CMi04sLKnugENwwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-25 13:13:09
(5 days ago)
Attac
Brute-Force
๐ฉ๐ช
rh24
2026-06-23 19:03:50
(1 week ago)
(xmlrpc_405) XMLRPC-Bot 405 154.208.47.194 (PK/Pakistan/-)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-23 18:05:33
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 14:05:30.465754 2026] [security2:error] [pid 7666:tid 7666] [client 154.208.47.194:59898] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|adlc18.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "adlc18.org"] [uri "/xmlrpc.php"] [unique_id "ajrK6sMOl57GuGjUo4ruOwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-06-22 01:37:49
(1 week ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 16:35:27
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:35:22.371420 2026] [security2:error] [pid 25662:tid 25687] [client 154.208.47.194:64432] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|whatismetamodern.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whatismetamodern.com"] [uri "/xmlrpc.php"] [unique_id "ajgSyq9doAOLDpqK8IuwDgAAAFc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-21 16:31:47
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-17 10:17:43
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:17:35.164085 2026] [security2:error] [pid 21414:tid 21414] [client 154.208.47.194:63542] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|aifactoid.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aifactoid.com"] [uri "/xmlrpc.php"] [unique_id "ajJ0P9R4vP4jOnZj6bV-_QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-15 18:07:57
(2 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
factor1
2026-06-13 17:05:59
(2 weeks ago)
Fail2ban at saturn Reports Abuse.
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 16:12:50
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 12:12:46.786847 2026] [security2:error] [pid 18838:tid 18838] [client 154.208.47.194:7281] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|sacoriverjazz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sacoriverjazz.org"] [uri "/xmlrpc.php"] [unique_id "ai2BfqtE3KjSbbetejV8iQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-06 14:58:32
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 10:58:26.209995 2026] [security2:error] [pid 3342:tid 3351] [client 154.208.47.194:58706] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|41bravo.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "41bravo.com"] [uri "/xmlrpc.php"] [unique_id "aiQ1krXi3BPX9bkyz73oswAAAMU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-06 13:23:04
(3 weeks ago)
[redacted] 154.208.47.194 - - [06/Jun/2026:15:22:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 154.208.47.194 - - [06/Jun/2026:15:22:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
[redacted] 154.208.47.194 - - [06/Jun/2026:15:22:30 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 154.208.47.194 - - [06/Jun/2026:15:22:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 154.208.47.194 - - [06/Jun/2026:15:22:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 154.208.47.194 - - [06/Jun/2026:15:23:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-06 12:23:24
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 154.208.47.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:23:21.048593 2026] [security2:error] [pid 9982:tid 9982] [client 154.208.47.194:51863] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 154.208.47.194 (+1 hits since last alert)|forerunnersjazz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "forerunnersjazz.org"] [uri "/xmlrpc.php"] [unique_id "aiQROcGaG71y_mLZw9LESwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack