πΊπΈ
ArturShelby
2026-07-15 17:07:20
(8 hours ago)
Honeypot triggered: /xmlrpc.php
Web App Attack
π³π΄
jad-abuse
2026-07-15 15:35:23
(10 hours ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. O ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 1 hits.
show less
Brute-Force
Web App Attack
π©πͺ
ghostwarriors
2026-07-13 17:50:15
(2 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 17:27:40
(2 days ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-13 07:12:53
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 136.158.82.137 (137.82.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.158.82.137 (137.82.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:12:49.288831 2026] [security2:error] [pid 25529:tid 25529] [client 136.158.82.137:9590] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||method1.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "method1.net"] [uri "/wp-json/wp/v2/users"] [unique_id "alSP8d_zr49Rd7DlmpFUKwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
4server
2026-07-13 06:17:30
(2 days ago)
[MonJul1308:17:26.0662092026][security2:error][pid393902:tid393912][client136.158.82.137:0]ModSecuri ...
show more
[MonJul1308:17:26.0662092026][security2:error][pid393902:tid393912][client136.158.82.137:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"kvsm-blackstone.com\"][uri\"/xmlrpc.php\"][unique_id\"alSC9lQNAyuH2KwNGf4AgwAAAQc\"]
show less
Port Scan
Brute-Force
Web App Attack
π©πͺ
big-cloud.nl
2026-07-13 06:09:17
(2 days ago)
Try to access /xmlrpc.php
Web App Attack
π«π·
masterguru
2026-07-13 05:19:10
(2 days ago)
(xmlrpc) Apache: Failed xmlrpc access from 136.158.82.137 (PH/Philippines/137.82.158.136.convergeict ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 136.158.82.137 (PH/Philippines/137.82.158.136.convergeict.com): 10 in the last 3600 secs (0-201)
show less
Hacking
π©πͺ
dbmwebdesign
2026-07-12 20:25:12
(3 days ago)
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
Brute-Force
Web App Attack
Anonymous
2026-07-12 18:55:19
(3 days ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
π¨π¦
SoteriaCovenant
2026-07-12 14:25:21
(3 days ago)
Automated probe: /xmlrpc.php on Soteria Global infrastructure. No vulnerable software present.
Brute-Force
πΊπΈ
TPI-Abuse
2026-07-11 21:37:01
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 136.158.82.137 (137.82.158.136.convergeict.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.158.82.137 (137.82.158.136.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 17:36:55.905826 2026] [security2:error] [pid 9795:tid 9795] [client 136.158.82.137:54498] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bostonmarathonstories.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bostonmarathonstories.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alK3d7UyJyGmOUAgv9h-kwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2026-07-11 21:29:37
(4 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
π§πΎ
lns.bz
2026-07-11 19:55:40
(4 days ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
Anonymous
2026-07-11 14:47:04
(4 days ago)
[redacted] 136.158.82.137 - - [11/Jul/2026:16:46:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" " ...
show more
[redacted] 136.158.82.137 - - [11/Jul/2026:16:46:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/14.0.0.0 Safari/537.36"
ifu-studienzentrum.de 136.158.82.137 - - [11/Jul/2026:16:46:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/87.0.0.0 Safari/537.36"
ifu-studienzentrum.de 136.158.82.137 - - [11/Jul/2026:16:46:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/97.0.0.0 Safari/537.36"
[redacted] 136.158.82.137 - - [11/Jul/2026:16:46:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/91.0.0.0 Safari/537.36"
[redacted] 136.158.82.137 - - [11/Jul/2026:16:46:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) Ap
...
show less
Hacking
Web App Attack