๐บ๐ธ
agenciahypelab.com.br
2026-07-09 16:16:58
(1 day ago)
WordPress login brute-force detectado e bloqueado pelo CSF/LFD. Trigger: LF_TRIGGER
Brute-Force
SSH
Anonymous
2026-07-09 16:16:21
(1 day ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=www.cardiorenal2023.gr; logs=/var/log/httpd/domains/cardior ...
show more
[server.tmg.gr] httpd-xmlrpc-post: sites=www.cardiorenal2023.gr; logs=/var/log/httpd/domains/cardiorenal2023.gr.log; samples=//xmlrpc.php
show less
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-09 16:14:10
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["//xmlrpc.php"] | UA: ["Mozilla/5.0 (Win ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["//xmlrpc.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"]
show less
Brute-Force
Web App Attack
๐บ๐ธ
bigwavedave
2026-07-09 16:12:50
(1 day ago)
Wordpress Attack
Web App Attack
๐ง๐ท
dominioz
2026-07-09 16:10:06
(1 day ago)
2026-07-09 16:09:36 GET /wp-includes/wlwmanifest.xml - - 136.115.137.32 HTTP/1.1 Mozilla/5.0+(Window ...
show more
2026-07-09 16:09:36 GET /wp-includes/wlwmanifest.xml - - 136.115.137.32 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/78.0.3904.108+Safari/537.36 - 404 40977
2026-07-09 16:09:40 GET / author=2 - 136.115.137.32 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/78.0.3904.108+Safari/537.36 - 404 40977
2026-07-09 16:09:43 POST /xmlrpc.php - - 136.115.137.32 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/78.0.3904.108+Safari/537.36 - 200 648
2026-07-09 16:09:45 POST /xmlrpc.php - - 136.115.137.32 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/78.0.3904.108+Safari/537.36 - 200 648
...
show less
Web App Attack
Anonymous
2026-07-09 16:10:02
(1 day ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1
Hacking
Web App Attack
Anonymous
2026-07-09 16:08:12
(1 day ago)
[redacted] 136.115.137.32 - - [09/Jul/2026:18:07:59 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" ...
show more
[redacted] 136.115.137.32 - - [09/Jul/2026:18:07:59 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 136.115.137.32 - - [09/Jul/2026:18:08:01 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 136.115.137.32 - - [09/Jul/2026:18:08:02 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 136.115.137.32 - - [09/Jul/2026:18:08:03 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 136.115.137.32 - - [09/Jul/2026:18:08:04 +0200] "POST //xmlrpc.php HTTP/1.1" 200 41
...
show less
Hacking
Web App Attack
๐ง๐ช
brechtr
2026-07-09 16:08:09
(1 day ago)
[Press84-BanHammer] bad username โ Sourced from: brechtryckaert.com โ Request: POST /
Brute-Force
๐ฌ๐ง
Apache
2026-07-09 16:06:41
(1 day ago)
(mod_security) mod_security (id:210410) triggered by 136.115.137.32 (US/United States/32.137.115.136 ...
show more
(mod_security) mod_security (id:210410) triggered by 136.115.137.32 (US/United States/32.137.115.136.bc.googleusercontent.com): 5 in the last 300 secs (CF_ENABLE)
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
BlueWire Hosting
2026-07-09 16:00:31
(1 day ago)
Probing websites for vulnerabilities
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 16:00:13
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 136.115.137.32 (32.137.115.136.bc.googleusercon ...
show more
(mod_security) mod_security (id:225170) triggered by 136.115.137.32 (32.137.115.136.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 12:00:09.988787 2026] [security2:error] [pid 11939:tid 11939] [client 136.115.137.32:64726] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.billwegener.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.billwegener.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak_FiRYjRIxzB2LBXpyqxAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-09 16:00:04
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-09 15:59:23
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
๐ท๐บ
DZBOT
2026-07-09 15:39:58
(1 day ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ฉ๐ช
SCHAPPY
2026-07-09 15:25:57
(1 day ago)
Bad bot identified by user agent
Bad Web Bot