๐บ๐ธ
TPI-Abuse
2026-06-22 22:11:08
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 18:11:00.917500 2026] [security2:error] [pid 16558:tid 16565] [client 136.37.145.123:56258] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||howlerrock.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "howlerrock.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajmy9Kt52RXnmZLge19QPwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 17:37:45
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 13:37:41.521801 2026] [security2:error] [pid 15784:tid 15784] [client 136.37.145.123:53306] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||climasyequipos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "climasyequipos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajly5e12531gB4QIIWjGsgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
strxmpp
2026-06-21 21:32:41
(1 week ago)
136.37.145.123 - - [21/Jun/2026:23:32:40 +0200] "POST /xmlrpc.php HTTP/1.1" 404 4644 "-" "Mozilla/5. ...
show more
136.37.145.123 - - [21/Jun/2026:23:32:40 +0200] "POST /xmlrpc.php HTTP/1.1" 404 4644 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
...
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-03 19:16:09
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 15:16:02.582545 2026] [security2:error] [pid 1797:tid 1797] [client 136.37.145.123:54304] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ralphharris.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ralphharris.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aiB9cqUbmwfGdVPFjCE7gQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-29 02:12:09
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 22:12:01.870669 2026] [security2:error] [pid 31736:tid 31736] [client 136.37.145.123:64970] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||camasmarket.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "camasmarket.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahj18bgNsixgAU84a38zDAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐ฝ
octageeks.com
2026-05-28 04:16:55
(1 month ago)
Wordpress malicious attack:[octaxmlrpc]
Web App Attack
Anonymous
2026-05-28 02:12:31
(1 month ago)
[redacted] 136.37.145.123 - - [28/May/2026:04:11:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" " ...
show more
[redacted] 136.37.145.123 - - [28/May/2026:04:11:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/90.0.0.0 Safari/537.36"
[redacted] 136.37.145.123 - - [28/May/2026:04:11:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
[redacted] 136.37.145.123 - - [28/May/2026:04:11:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/69.0.0.0 Safari/537.36"
[redacted] 136.37.145.123 - - [28/May/2026:04:11:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/80.0.0.0 Safari/537.36"
[redacted] 136.37.145.123 - - [28/May/2026:04:11:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6
...
show less
Hacking
Web App Attack
๐ฉ๐ช
MusicLibrary
2026-05-28 02:01:30
(1 month ago)
Attempted access to non existent wordpress urls
Bad Web Bot
๐ณ๐ฑ
Site.eu
2026-05-27 15:11:47
(1 month ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฆ๐บ
MAGIC
2026-05-15 02:00:35
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐ฉ๐ช
4server
2026-05-13 23:11:04
(1 month ago)
[ThuMay1401:11:00.3522872026][security2:error][pid2395637:tid2395677][client136.37.145.123:0]ModSecu ...
show more
[ThuMay1401:11:00.3522872026][security2:error][pid2395637:tid2395677][client136.37.145.123:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"tecnospinasagl.ch\"][uri\"/xmlrpc.php\"][unique_id\"agUFBEzwwAk67AZkHARj7wAAAEQ\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-10 01:13:03
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net) ...
show more
(mod_security) mod_security (id:225170) triggered by 136.37.145.123 (136-37-145-123.googlefiber.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 21:12:57.491132 2026] [security2:error] [pid 22926:tid 22926] [client 136.37.145.123:55212] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hollyndlaw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hollyndlaw.com"] [uri "/wp-json/wp/v2/users"] [unique_id "af_bmXQCr2rs1rTqTyr3FgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-09 19:30:56
(1 month ago)
136.37.145.123 - - [09/May/2026:21:29:05 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 ...
show more
136.37.145.123 - - [09/May/2026:21:29:05 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36"
136.37.145.123 - - [09/May/2026:21:29:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36"
136.37.145.123 - - [09/May/2026:21:30:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/75.0.0.0 Safari/537.36"
136.37.145.123 - - [09/May/2026:21:30:43 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/75.0.0.0 Safari/537.36"
136.37.145.123 - - [09/May/2026:21:30:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) E
...
show less
Brute-Force
Web App Attack
๐จ๐ฆ
Paulo Henrique dos Santos Nichio
2026-05-09 15:22:52
(1 month ago)
(ls_brute) LiteSpeed Brute Force Attack 136.37.145.123 (US/United States/136-37-145-123.googlefiber. ...
show more
(ls_brute) LiteSpeed Brute Force Attack 136.37.145.123 (US/United States/136-37-145-123.googlefiber.net): 3 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026-05-09 12:22:29.502596 [WARN] [3765485] [T0] [136.37.145.123:61079#APVH_www.casasparaty.com.br:443] Brute force detected for IP [136.37.145.123], throttle.
2026-05-09 12:22:37.500254 [WARN] [3765485] [T0] [136.37.145.123:61079-1#APVH_www.casasparaty.com.br:443] Brute force detected for IP [136.37.145.123], throttle.
2026-05-09 12:22:47.512411 [WARN] [3765485] [T0] [136.37.145.123:61079-2#APVH_www.casasparaty.com.br:443] Brute force detected for IP [136.37.145.123], throttle.
show less
Port Scan
๐บ๐ธ
WellSpring
2026-04-29 21:01:36
(2 months ago)
xmlrpc exploit on prodigalmirror.org/xmlrpc.php โ WellSpr.ing/NetSentinel civic-AI security layer
Brute-Force
Web App Attack