Anonymous
2026-07-15 06:37:22
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-14 22:21:43
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-06-29 12:16:42
(2 weeks ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐ฎ๐น
ciccio diddo
2026-04-06 03:58:56
(3 months ago)
CMS/WP Exploit xmlrpc port:Tcp/80,443
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-06 00:41:11
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 149.40.247.75 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 149.40.247.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 20:41:04.116442 2026] [security2:error] [pid 30311:tid 30311] [client 149.40.247.75:37921] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||aaattanasio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "aaattanasio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adMBIEkjliDg1e7xM8cJGwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-04-06 00:15:11
(3 months ago)
-:443 149.40.247.75 - - [06/Apr/2026:02:15:09 +0200] - "POST /xmlrpc.php HTTP/1.1" 404 5863 "-" "Moz ...
show more
-:443 149.40.247.75 - - [06/Apr/2026:02:15:09 +0200] - "POST /xmlrpc.php HTTP/1.1" 404 5863 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/85.0.0.0 Safari/537.36"
show less
Bad Web Bot
๐ฌ๐ง
Smish
2026-04-06 00:13:30
(3 months ago)
HONEYPOT HIT --> Fail2ban time=1775434408 log=2026-04-06T01:13:28+01:00 ip=149.40.247.75 host=as2106 ...
show more
HONEYPOT HIT --> Fail2ban time=1775434408 log=2026-04-06T01:13:28+01:00 ip=149.40.247.75 host=as210667.net method=POST uri="/xmlrpc.php" status=404 ua="Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.0.0 Safari/537.36" ref="-" rid=815be67760a5f9072692aef4798f42b2
show less
Web App Attack
๐ซ๐ฎ
as211431.net
2026-04-06 00:08:44
(3 months ago)
Triggered Cloudflare WAF (firewallCustom) from DE.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show more
Triggered Cloudflare WAF (firewallCustom) from DE.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (POST method)
Endpoint: /xmlrpc.php
UA: Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/79.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2026-04-05 22:31:39
(3 months ago)
(wordpress) Failed wordpress login from 149.40.247.75 (US/United States/-/-/-/[redacted])
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-04-05 21:33:48
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 149.40.247.75 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 149.40.247.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 17:33:40.493360 2026] [security2:error] [pid 9232:tid 9232] [client 149.40.247.75:38020] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||caddydad.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "caddydad.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adLVNGZJUzUIO7njzzylZgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack