๐บ๐ธ
TPI-Abuse
2026-07-15 13:41:40
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 09:41:35.517255 2026] [security2:error] [pid 26806:tid 26914] [client 27.121.100.195:19071] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|visionforandfromchildren.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "visionforandfromchildren.org"] [uri "/xmlrpc.php"] [unique_id "aleOD_YGetGOYo616gHwBQAAAc0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
masterguru
2026-07-15 11:51:45
(7 hours ago)
(xmlrpc) Failed xmlrpc access from 27.121.100.195 (IN/India/-): 5 in the last 3600 secs (0-122)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-14 15:39:46
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:39:38.803249 2026] [security2:error] [pid 6822:tid 6822] [client 27.121.100.195:18993] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|evelynkay.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "evelynkay.com"] [uri "/xmlrpc.php"] [unique_id "alZYOoWQ_pRlgWPhSdDDAQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 15:00:09
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:00:01.097663 2026] [security2:error] [pid 12943:tid 12943] [client 27.121.100.195:19201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|method1.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "method1.net"] [uri "/xmlrpc.php"] [unique_id "alZO8XGbfseD3SdC1MnorwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 05:17:14
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:17:09.444207 2026] [security2:error] [pid 28071:tid 28071] [client 27.121.100.195:19279] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|cubbylure.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cubbylure.com"] [uri "/xmlrpc.php"] [unique_id "alXGVYugQNuUxnIyg7SaYwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 02:30:53
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 22:30:45.082352 2026] [security2:error] [pid 13262:tid 13272] [client 27.121.100.195:19102] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|dwcmachining.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dwcmachining.com"] [uri "/xmlrpc.php"] [unique_id "alWfVb89SsAyRhqQ8PEn-QAAAQg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 15:14:05
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-13 12:10:45
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-13 10:08:50
(2 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-13 09:35:43
(2 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
IN/India/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 03:32:55
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 23:32:48.089749 2026] [security2:error] [pid 29044:tid 29107] [client 27.121.100.195:18711] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|koalacogs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "koalacogs.com"] [uri "/xmlrpc.php"] [unique_id "alRcYIaG2tmAaDKx7J8CHAAAAQU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TAY
2026-07-13 03:28:37
(2 days ago)
27.121.100.195 - - [13/Jul/2026:11:28:14 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "WordPress. ...
show more
27.121.100.195 - - [13/Jul/2026:11:28:14 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "WordPress.com; https://wordpress.com"
27.121.100.195 - - [13/Jul/2026:11:28:25 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack/12.1; WordPress/6.3; http://site43770302.com"
27.121.100.195 - - [13/Jul/2026:11:28:36 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5979 "-" "Jetpack by WordPress.com"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-11 16:07:23
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 27.121.100.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 12:07:16.221471 2026] [security2:error] [pid 25709:tid 25709] [client 27.121.100.195:19391] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 27.121.100.195 (+1 hits since last alert)|circleinthesquare.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "circleinthesquare.org"] [uri "/xmlrpc.php"] [unique_id "alJqNGleYi43_gIGlO9ewwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-11 16:05:11
(4 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
Anonymous
2026-07-11 13:12:16
(4 days ago)
[redacted] 27.121.100.195 - - [11/Jul/2026:15:11:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 27.121.100.195 - - [11/Jul/2026:15:11:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site66919057.com"
[redacted] 27.121.100.195 - - [11/Jul/2026:15:11:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
[redacted] 27.121.100.195 - - [11/Jul/2026:15:11:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.2; http://site45364316.com"
[redacted] 27.121.100.195 - - [11/Jul/2026:15:12:04 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 27.121.100.195 - - [11/Jul/2026:15:12:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
...
show less
Hacking
Web App Attack