๐ฉ๐ช
4server
2026-07-15 17:06:48
(19 hours ago)
[WedJul1519:06:44.2274112026][security2:error][pid3636863:tid3636913][client121.127.34.195:0]ModSecu ...
show more
[WedJul1519:06:44.2274112026][security2:error][pid3636863:tid3636913][client121.127.34.195:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"gruppobalu.com\"][uri\"/xmlrpc.php\"][unique_id\"ale-JGAwgZgZPwFcAyXzLQAAAcA\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
interbiznw.com
2026-07-15 14:05:37
(22 hours ago)
fail2ban-ban
Hacking
Brute-Force
Exploited Host
Web App Attack
Anonymous
2026-07-15 13:53:51
(22 hours ago)
[redacted] 121.127.34.195 - - [15/Jul/2026:15:52:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" " ...
show more
[redacted] 121.127.34.195 - - [15/Jul/2026:15:52:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/13.0.0.0 Safari/537.36"
[redacted] 121.127.34.195 - - [15/Jul/2026:15:52:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/64.0.0.0 Safari/537.36"
[redacted] 121.127.34.195 - - [15/Jul/2026:15:52:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/72.0.0.0 Safari/537.36"
[redacted] 121.127.34.195 - - [15/Jul/2026:15:52:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/86.0.0.0 Safari/537.36"
[redacted] 121.127.34.195 - - [15/Jul/2026:15:53:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozil
...
show less
Hacking
Web App Attack
๐ซ๐ท
Jimbo67
2026-07-15 13:06:48
(23 hours ago)
Cloudflare WAF: 1 hits in 30s | action=block | abuse=wordpress_probe | categories=19,21 | rule_id=01 ...
show more
Cloudflare WAF: 1 hits in 30s | action=block | abuse=wordpress_probe | categories=19,21 | rule_id=0189a8c2c2ab4a60bc709bad14577d18 | URIs=/xmlrpc.php | confidence=0.82
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
SodaAudit.app
2026-07-14 09:43:49
(2 days ago)
[sodaaudit.app] Web app attack. Timestamp: 2026-07-14T07:46:18.000Z. 1 probe events, 1 distinct path ...
show more
[sodaaudit.app] Web app attack. Timestamp: 2026-07-14T07:46:18.000Z. 1 probe events, 1 distinct path(s). Paths (payload): /xmlrpc.php
show less
Web App Attack
๐บ๐ธ
mnsf
2026-07-14 03:05:15
(2 days ago)
Xmlrpc Caught (6)
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-14 00:53:58
(2 days ago)
121.127.34.195 - - [13/Jul/2026:20:52:39 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5. ...
show more
121.127.34.195 - - [13/Jul/2026:20:52:39 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/90.0.0.0 Safari/537.36"
121.127.34.195 - - [13/Jul/2026:20:53:08 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Linux; Android 10; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/65.0.0.0 Safari/537.36"
121.127.34.195 - - [13/Jul/2026:20:53:24 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/85.0.0.0 Safari/537.36"
121.127.34.195 - - [13/Jul/2026:20:53:43 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Linux; Android 10; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/85.0.0.0 Safari/537.36"
121.127.34.195 - - [13/Jul/2026:20:53:56 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/78.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ซ๐ฎ
stinpriza
2026-07-13 21:36:59
(2 days ago)
Web App Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 09:36:06
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 121.127.34.195 (121.127.34.195.static.ryamer.ne ...
show more
(mod_security) mod_security (id:225170) triggered by 121.127.34.195 (121.127.34.195.static.ryamer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 05:35:59.899544 2026] [security2:error] [pid 18757:tid 18757] [client 121.127.34.195:60642] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rodzillacharters.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rodzillacharters.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alSxf8hayGUtRecfGXoAwgAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
nextoo.de
2025-11-09 20:33:44
(8 months ago)
Chat Spam
Web Spam
Anonymous
2025-10-28 12:41:02
(8 months ago)
Malicious activity detected
Hacking
Web App Attack