Anonymous
2026-07-14 15:17:07
(6 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 09:25:22
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 05:25:18.865524 2026] [security2:error] [pid 24607:tid 24607] [client 45.128.38.245:63571] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|premierveterinarysurgery.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "premierveterinarysurgery.com"] [uri "/xmlrpc.php"] [unique_id "alYAfrAX3XrCNZoHTd_ATgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 07:52:58
(13 hours ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 03:52:50.969126 2026] [security2:error] [pid 20326:tid 20326] [client 45.128.38.245:60383] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|internetnameregistration.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "internetnameregistration.com"] [uri "/xmlrpc.php"] [unique_id "alXq0glrtT80n2flRqeD3wAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 06:05:33
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 02:05:29.056677 2026] [security2:error] [pid 27916:tid 27916] [client 45.128.38.245:63875] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|sooperare.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sooperare.com"] [uri "/xmlrpc.php"] [unique_id "alXRqRT2t2cvJSxWuxLQ-QAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 17:36:02
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 13:35:57.074590 2026] [security2:error] [pid 9634:tid 9634] [client 45.128.38.245:59145] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|cnphilos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cnphilos.com"] [uri "/xmlrpc.php"] [unique_id "alUh_fSoGAjqRPLTDtnGMAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 17:02:00
(1 day ago)
(wordpress) Failed wordpress login from 45.128.38.245 (PL/Poland/-)
Brute-Force
๐ซ๐ท
dynamix
2026-07-13 02:26:32
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 01:57:38
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 21:57:32.391804 2026] [security2:error] [pid 7439:tid 7439] [client 45.128.38.245:58958] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|talkingmess.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "talkingmess.com"] [uri "/xmlrpc.php"] [unique_id "alRGDMgxURnaERnlQ5I6cgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-13 00:50:10
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 00:22:51
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐บ๐ธ
cwytech
2026-07-12 21:18:51
(2 days ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 19:05:39
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 15:05:35.030789 2026] [security2:error] [pid 15350:tid 15350] [client 45.128.38.245:63937] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|blindshine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "blindshine.com"] [uri "/xmlrpc.php"] [unique_id "alPlf0_QepjfEj_nqORdUAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 15:50:34
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 11:50:28.887658 2026] [security2:error] [pid 16711:tid 16711] [client 45.128.38.245:62976] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|nolaanime.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nolaanime.com"] [uri "/xmlrpc.php"] [unique_id "alO3xOFvWbr4bAW1eg60EAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 07:31:25
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 45.128.38.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 03:31:20.092715 2026] [security2:error] [pid 15486:tid 15486] [client 45.128.38.245:53424] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 45.128.38.245 (+1 hits since last alert)|matt-bechtel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "matt-bechtel.com"] [uri "/xmlrpc.php"] [unique_id "alCfyFUZ9QtgooZlA4kElAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-10 02:44:21
(4 days ago)
45.128.38.245 - - [09/Jul/2026:22:43:38 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5263 "-" "Jetpack/12. ...
show more
45.128.38.245 - - [09/Jul/2026:22:43:38 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5263 "-" "Jetpack/12.0; WordPress/6.4; http://site20522875.com"
45.128.38.245 - - [09/Jul/2026:22:43:48 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5263 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)"
45.128.38.245 - - [09/Jul/2026:22:43:59 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5263 "-" "Jetpack by WordPress.com"
45.128.38.245 - - [09/Jul/2026:22:44:09 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5263 "-" "Jetpack by WordPress.com"
45.128.38.245 - - [09/Jul/2026:22:44:20 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5263 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)"
...
show less
Web App Attack