๐บ๐ธ
TPI-Abuse
2026-07-02 08:56:13
(3 hours ago)
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 04:56:05.898477 2026] [security2:error] [pid 14245:tid 14245] [client 49.149.108.240:35680] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.149.108.240 (+1 hits since last alert)|pharmaceuticalsalescertifications.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pharmaceuticalsalescertifications.com"] [uri "/xmlrpc.php"] [unique_id "akYnpejTd2pP9vRyWkzHbwAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 09:36:22
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 05:36:15.863550 2026] [security2:error] [pid 11383:tid 11383] [client 49.149.108.240:34342] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hotelausland.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hotelausland.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akOODwQS94bGNd1_dpTwgAAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 08:54:02
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 04:53:58.348585 2026] [security2:error] [pid 26717:tid 26717] [client 49.149.108.240:34704] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.149.108.240 (+1 hits since last alert)|latentpixel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "latentpixel.com"] [uri "/xmlrpc.php"] [unique_id "akOEJuNITs3ky0Jkiv334wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 13:50:03
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 09:49:55.217816 2026] [security2:error] [pid 17786:tid 17786] [client 49.149.108.240:36251] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.149.108.240 (+1 hits since last alert)|thehealthyplaceclayton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thehealthyplaceclayton.com"] [uri "/xmlrpc.php"] [unique_id "akEmg43z2wV2JaTKq8_FSQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Marc
2026-06-28 02:27:38
(4 days ago)
49.149.108.240 - - [28/Jun/2026:04:27:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack by ...
show more
49.149.108.240 - - [28/Jun/2026:04:27:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack by WordPress.com" 49.149.108.240 - - [28/Jun/2026:04:27:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack/12.0; WordPress/6.1; http://site14004883.com" 49.149.108.240 - - [28/Jun/2026:04:27:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3300 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 06:44:34
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 02:44:28.592584 2026] [security2:error] [pid 2604:tid 2604] [client 49.149.108.240:34663] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.149.108.240 (+1 hits since last alert)|climasyequipos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "climasyequipos.com"] [uri "/xmlrpc.php"] [unique_id "aj9xTIwiTdM3ffr5usw9FAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 01:54:10
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 21:54:02.071066 2026] [security2:error] [pid 24733:tid 24733] [client 49.149.108.240:36540] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.149.108.240 (+1 hits since last alert)|jessicalevant.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jessicalevant.com"] [uri "/xmlrpc.php"] [unique_id "aj8tOpgHOCWViL72tp7rOwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-27 01:39:29
(5 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-26 22:33:42
(5 days ago)
Brute-Force
Web App Attack
Anonymous
2026-06-26 04:45:22
(6 days ago)
49.149.108.240 - - [26/Jun/2026:06:45:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by ...
show more
49.149.108.240 - - [26/Jun/2026:06:45:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
49.149.108.240 - - [26/Jun/2026:06:45:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
49.149.108.240 - - [26/Jun/2026:06:45:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com"
49.149.108.240 - - [26/Jun/2026:06:45:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
49.149.108.240 - - [26/Jun/2026:06:45:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
Marc
2026-06-26 03:19:32
(6 days ago)
49.149.108.240 - - [26/Jun/2026:05:19:11 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3466 "-" "Jetpack/12 ...
show more
49.149.108.240 - - [26/Jun/2026:05:19:11 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3466 "-" "Jetpack/12.5; WordPress/6.4; http://site20732536.com" 49.149.108.240 - - [26/Jun/2026:05:19:20 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3465 "-" "Jetpack by WordPress.com" 49.149.108.240 - - [26/Jun/2026:05:19:31 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3466 "-" "WordPress.com; https://wordpress.com"
show less
Brute-Force
Web App Attack
Anonymous
2026-06-24 08:22:13
(1 week ago)
Attac
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-24 03:49:33
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 49.149.108.240 (dsl.49.149.108.240.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 23:49:24.283823 2026] [security2:error] [pid 11004:tid 11004] [client 49.149.108.240:33937] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.149.108.240 (+1 hits since last alert)|richmondrents.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "richmondrents.com"] [uri "/xmlrpc.php"] [unique_id "ajtTxAnGxBiFvV5-SCLtPQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-21 00:46:40
(1 week ago)
Attac
Brute-Force
Anonymous
2026-06-20 01:04:57
(1 week ago)
[redacted] 49.149.108.240 - - [20/Jun/2026:03:04:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 49.149.108.240 - - [20/Jun/2026:03:04:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 49.149.108.240 - - [20/Jun/2026:03:04:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
[redacted] 49.149.108.240 - - [20/Jun/2026:03:04:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 49.149.108.240 - - [20/Jun/2026:03:04:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.1; http://site15832570.com"
[redacted] 49.149.108.240 - - [20/Jun/2026:03:04:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.4; http://site29148066.com"
...
show less
Hacking
Web App Attack