Anonymous
2026-07-14 07:19:57
(1 day ago)
[Firewall Canary] Temporary ban due to firewall rule match [URI:*/xmlrpc.php]
Bad Web Bot
Web App Attack
๐จ๐ญ
4server
2026-07-14 07:15:24
(1 day ago)
[TueJul1409:15:17.2388512026][security2:error][pid1924414:tid1924642][client103.150.242.86:0]ModSecu ...
show more
[TueJul1409:15:17.2388512026][security2:error][pid1924414:tid1924642][client103.150.242.86:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"safertechnics.ch\"][uri\"/xmlrpc.php\"][unique_id\"alXiBbL7dgR-JWzA20HYfwAAAYM\"]
show less
Hacking
Web App Attack
๐ณ๐ฟ
Tripwire
2026-07-13 07:34:03
(2 days ago)
Probing for Wordpress - /xmlrpc.php
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 06:54:08
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 02:54:01.450059 2026] [security2:error] [pid 32239:tid 32239] [client 103.150.242.86:50132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mariarozella.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mariarozella.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alSLiS9IrCohL13H4ktPGgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-13 06:29:57
(2 days ago)
[MonJul1308:29:52.4780122026][security2:error][pid3590059:tid3590118][client103.150.242.86:0]ModSecu ...
show more
[MonJul1308:29:52.4780122026][security2:error][pid3590059:tid3590118][client103.150.242.86:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"life-live.ch\"][uri\"/xmlrpc.php\"][unique_id\"alSF4DuLMTdHTAFNF-nAUgAAAFA\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-10 10:00:48
(5 days ago)
103.150.242.86 - - [10/Jul/2026:05:59:33 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5239 "-" "Mozilla/5. ...
show more
103.150.242.86 - - [10/Jul/2026:05:59:33 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5239 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/88.0.0.0 Safari/537.36"
103.150.242.86 - - [10/Jul/2026:05:59:56 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5239 "-" "Mozilla/5.0 (Windows NT 6.3; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/66.0.0.0 Safari/537.36"
103.150.242.86 - - [10/Jul/2026:06:00:11 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5239 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/80.0.0.0 Safari/537.36"
103.150.242.86 - - [10/Jul/2026:06:00:32 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5239 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/66.0.0.0 Safari/537.36"
103.150.242.86 - - [10/Jul/2026:06:00:47 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5239 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/94.0.0.0 Safari/537.36"
...
show less
Web App Attack
Anonymous
2026-07-06 08:53:23
(1 week ago)
103.150.242.86 - - [06/Jul/2026:08:53:23 +0000] "POST /xmlrpc.php HTTP/1.1" 404 17313 "-" "Mozilla/5 ...
show more
103.150.242.86 - - [06/Jul/2026:08:53:23 +0000] "POST /xmlrpc.php HTTP/1.1" 404 17313 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/94.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 10:06:03
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 06:05:56.301547 2026] [security2:error] [pid 4227:tid 4227] [client 103.150.242.86:61387] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||redlitephotos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "redlitephotos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akY4BEtGH0T3g_uUj8abHAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 09:35:52
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 05:35:43.601383 2026] [security2:error] [pid 26230:tid 26254] [client 103.150.242.86:58496] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||plumeraproductions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "plumeraproductions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akYw783ZVLw6gVgsSgqVyQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-30 13:22:37
(2 weeks ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ณ๐ฟ
Tripwire
2026-06-30 12:45:54
(2 weeks ago)
Probing for Wordpress - /xmlrpc.php
Brute-Force
Web App Attack
๐บ๐ธ
kosada.com
2026-06-29 09:47:16
(2 weeks ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-24 06:50:32
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 02:50:26.878792 2026] [security2:error] [pid 391:tid 391] [client 103.150.242.86:56637] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||digi-estudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "digi-estudio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajt-MikIyln7t5RG1A3fTwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-23 07:12:52
(3 weeks ago)
103.150.242.86 - - [23/Jun/2026:15:12:52 +0800] "POST /xmlrpc.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 ...
show more
103.150.242.86 - - [23/Jun/2026:15:12:52 +0800] "POST /xmlrpc.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Linux; Android 10; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/13.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 12:18:52
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): ...
show more
(mod_security) mod_security (id:225170) triggered by 103.150.242.86 (103-150-242-86.signin.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 08:18:43.125557 2026] [security2:error] [pid 3293:tid 3293] [client 103.150.242.86:59722] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||shannonraevocalstudio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "shannonraevocalstudio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajkoIzj4ffLWLNg6dAjnywAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack