๐บ๐ธ
TPI-Abuse
2026-06-11 07:53:51
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:53:45.760355 2026] [security2:error] [pid 4311:tid 4311] [client 156.204.135.219:58688] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.204.135.219 (+1 hits since last alert)|furbabieslivesmatter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "furbabieslivesmatter.com"] [uri "/xmlrpc.php"] [unique_id "aippiVSvj8jabpwHKYeXvgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 14:08:34
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 10:08:29.076088 2026] [security2:error] [pid 19549:tid 19549] [client 156.204.135.219:62621] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.204.135.219 (+1 hits since last alert)|terfgunclub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "terfgunclub.com"] [uri "/xmlrpc.php"] [unique_id "ailv3e9wet5ny930DbVEIgAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 13:26:24
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 09:26:20.361102 2026] [security2:error] [pid 16907:tid 16907] [client 156.204.135.219:52272] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fuentevictoria.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fuentevictoria.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aill_IvbX3a1rqMBlOAZIwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 09:48:33
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 05:48:29.821217 2026] [security2:error] [pid 30200:tid 30200] [client 156.204.135.219:60116] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.204.135.219 (+1 hits since last alert)|jessicalevant.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jessicalevant.com"] [uri "/xmlrpc.php"] [unique_id "aiky7WZpuYEIXWG6jJgBTQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 07:19:50
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 03:19:44.608678 2026] [security2:error] [pid 17865:tid 17865] [client 156.204.135.219:57437] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.204.135.219 (+1 hits since last alert)|nearfieldchrist.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nearfieldchrist.com"] [uri "/xmlrpc.php"] [unique_id "aikQENkjmzCVOcaHF3lKoQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-09 15:57:14
(3 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
EG/Egypt/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-09 15:20:04
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 11:19:56.945009 2026] [security2:error] [pid 22491:tid 22491] [client 156.204.135.219:58163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.204.135.219 (+1 hits since last alert)|kmelson.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kmelson.com"] [uri "/xmlrpc.php"] [unique_id "aigvHC6KW6Gz_QMV3BONTAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-09 15:05:14
(3 weeks ago)
Blocked: Reason='Vulnerability probing โ PHP scan detected (150/60 min)'; Requests=150
Port Scan
๐บ๐ธ
TPI-Abuse
2026-06-09 12:46:47
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:240335) triggered by 156.204.135.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 08:46:43.486640 2026] [security2:error] [pid 6951:tid 6951] [client 156.204.135.219:59282] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 156.204.135.219 (+1 hits since last alert)|gaeltv.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gaeltv.com"] [uri "/xmlrpc.php"] [unique_id "aigLM68f0hbH7h1TG5A3rwAAAEk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-08 07:25:21
(4 weeks ago)
Attac
Brute-Force
๐ซ๐ฎ
YF
2026-06-07 14:00:39
(4 weeks ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
Anonymous
2026-06-07 11:02:49
(4 weeks ago)
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=asteres.gr; logs=/var/log/httpd/domains/asteres.gr.log; samp ...
show more
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=asteres.gr; logs=/var/log/httpd/domains/asteres.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
Anonymous
2026-06-07 08:13:12
(4 weeks ago)
156.204.135.219 - - [07/Jun/2026:10:12:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 712 "-" "WordPress. ...
show more
156.204.135.219 - - [07/Jun/2026:10:12:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 712 "-" "WordPress.com; https://wordpress.com"
156.204.135.219 - - [07/Jun/2026:10:12:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com"
156.204.135.219 - - [07/Jun/2026:10:13:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 712 "-" "Jetpack by WordPress.com"
156.204.135.219 - - [07/Jun/2026:10:13:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
156.204.135.219 - - [07/Jun/2026:10:13:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 712 "-" "Jetpack/12.5; WordPress/6.4; http://site37655496.com"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-06-07 07:44:48
(4 weeks ago)
Bad Web Bot
Web App Attack
๐จ๐ฟ
lp
2024-04-14 21:21:27
(2 years ago)
SSH Brute force: 2 attempts were recorded from 156.204.135.219
2024-04-14T21:44:55+02:00 error: maxi ...
show more
SSH Brute force: 2 attempts were recorded from 156.204.135.219
2024-04-14T21:44:55+02:00 error: maximum authentication attempts exceeded for root from 156.204.135.219 port 44453 ssh2 [preauth]
2024-04-14T21:45:06+02:00 Disconnected from authenticating user root 156.204.135.219 port 44470 [preauth]
show less
Brute-Force
SSH