๐บ๐ธ
TPI-Abuse
2026-06-26 07:16:00
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 03:15:56.426859 2026] [security2:error] [pid 9300:tid 9300] [client 61.246.127.138:57615] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|enjoymycondos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "enjoymycondos.com"] [uri "/xmlrpc.php"] [unique_id "aj4nLBzn_-mKQbtCldxpkwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 05:11:27
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:11:17.326449 2026] [security2:error] [pid 30595:tid 30595] [client 61.246.127.138:60761] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|cubbylure.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cubbylure.com"] [uri "/xmlrpc.php"] [unique_id "aj4J9QYbKC5nqS1e948YzAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-26 04:38:14
(1 week ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-19 06:19:17
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 02:19:14.617036 2026] [security2:error] [pid 8742:tid 8742] [client 61.246.127.138:54415] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|godcanuseyou.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "godcanuseyou.com"] [uri "/xmlrpc.php"] [unique_id "ajTfYttBLu60xcukQRF1VQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 00:14:30
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 20:14:27.268263 2026] [security2:error] [pid 30286:tid 30286] [client 61.246.127.138:54977] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|baselinesc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "baselinesc.com"] [uri "/xmlrpc.php"] [unique_id "ajSJ41hmTHAIYD072Pt-qwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-18 22:32:22
(2 weeks ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-06-18 20:08:10
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:08:02.050352 2026] [security2:error] [pid 23720:tid 23720] [client 61.246.127.138:51239] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|wpcoc.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wpcoc.org"] [uri "/xmlrpc.php"] [unique_id "ajRQIvtxgImsxLlqQEBh6QAAACw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-18 19:35:39
(2 weeks ago)
[redacted] 61.246.127.138 - - [18/Jun/2026:21:34:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 61.246.127.138 - - [18/Jun/2026:21:34:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.2; http://site31623854.com"
[redacted] 61.246.127.138 - - [18/Jun/2026:21:35:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 61.246.127.138 - - [18/Jun/2026:21:35:17 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 61.246.127.138 - - [18/Jun/2026:21:35:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 61.246.127.138 - - [18/Jun/2026:21:35:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)"
...
show less
Hacking
Web App Attack
๐ซ๐ท
francoisunix
2026-06-18 15:19:05
(2 weeks ago)
61.246.127.138 - - [18/Jun/2026:15:18:22 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.c ...
show more
61.246.127.138 - - [18/Jun/2026:15:18:22 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
61.246.127.138 - - [18/Jun/2026:15:18:32 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.5; WordPress/6.2; http://site66771884.com"
61.246.127.138 - - [18/Jun/2026:15:18:42 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
61.246.127.138 - - [18/Jun/2026:15:18:53 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com"
61.246.127.138 - - [18/Jun/2026:15:19:03 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
...
show less
Web App Attack
Anonymous
2026-06-18 14:17:05
(2 weeks ago)
Fail2ban filtered
...
Web App Attack
๐ฆ๐บ
QT
2026-06-18 13:47:00
(2 weeks ago)
Unauthorised WordPress admin login attempted at 2026-06-18 23:46:59 +1000
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 09:44:59
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:44:56.251770 2026] [security2:error] [pid 23029:tid 23029] [client 61.246.127.138:64135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|uphillfarmvt.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "uphillfarmvt.com"] [uri "/xmlrpc.php"] [unique_id "ajO-GDnNzQGlnXgXPcpBDQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
clapper
2026-06-18 08:42:40
(2 weeks ago)
(mod_security) mod_security (id:350202) triggered by 61.246.127.138 (IN/India/dsl-tn-dynamic-138.127 ...
show more
(mod_security) mod_security (id:350202) triggered by 61.246.127.138 (IN/India/dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 5 in the last 600 secs; ID: rub
show less
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-18 08:12:03
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:11:58.906755 2026] [security2:error] [pid 4254:tid 4254] [client 61.246.127.138:63404] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|dynamic-therapy-mn.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dynamic-therapy-mn.com"] [uri "/xmlrpc.php"] [unique_id "ajOoThQt6vbJZ5QyLrZTbwAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-18 06:39:57
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.a ...
show more
(mod_security) mod_security (id:240335) triggered by 61.246.127.138 (dsl-tn-dynamic-138.127.246.61.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:39:51.318645 2026] [security2:error] [pid 19701:tid 19701] [client 61.246.127.138:54958] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 61.246.127.138 (+1 hits since last alert)|zerotaxlab.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zerotaxlab.com"] [uri "/xmlrpc.php"] [unique_id "ajOStyDEBY0lYI1TBl7yfAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack