๐ฆ๐บ
MAGIC
2025-10-06 03:05:40
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐บ๐ธ
Jason Howell
2025-10-06 02:03:15
(8 months ago)
156.253.179.94 - - [05/Oct/2025:21:02:56 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5. ...
show more
156.253.179.94 - - [05/Oct/2025:21:02:56 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"
156.253.179.94 - - [05/Oct/2025:21:03:03 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (SMART-TV; X11; Linux i686) AppleWebKit/535.20+ (KHTML, like Gecko) Version/5.0 Safari/535.20+"
156.253.179.94 - - [05/Oct/2025:21:03:10 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3294 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
156.253.179.94 - - [05/Oct/2025:21:03:13 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3293 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0"
156.253.179.94 - - [05/Oct/2025:21:03:14 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3294 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15G77"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-05 12:55:19
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 156.253.179.94 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 156.253.179.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 05 08:55:15.610244 2025] [security2:error] [pid 1275:tid 1275] [client 156.253.179.94:41665] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jennyfiore.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jennyfiore.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOJqsyR-NI4s3EuN7zuoQAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2025-09-28 23:47:17
(9 months ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2025-09-27 03:38:44
(9 months ago)
(bad_user_agent) srv101 Bad User-Agent 156.253.179.94 (FR/France/-): 10 in the last 3600 secs; Ports ...
show more
(bad_user_agent) srv101 Bad User-Agent 156.253.179.94 (FR/France/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐ฉ๐ช
applemooz
2025-09-27 02:08:18
(9 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐ซ๐ฎ
YF
2025-09-26 08:01:02
(9 months ago)
xmlrpc.php (Potential DDoS or brute force)
Brute-Force
Web App Attack
Anonymous
2025-09-20 03:49:47
(9 months ago)
[redacted] 156.253.179.94 - - [20/Sep/2025:05:49:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" " ...
show more
[redacted] 156.253.179.94 - - [20/Sep/2025:05:49:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Linux; Android 6.0; MYA-L22 Build/HUAWEIMYA-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36"
[redacted] 156.253.179.94 - - [20/Sep/2025:05:49:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-us) AppleWebKit/531.21.11 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10"
[redacted] 156.253.179.94 - - [20/Sep/2025:05:49:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
[redacted] 156.253.179.94 - - [20/Sep/2025:05:49:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts)"
[redacted] 156.253.179.94 - - [20/Sep/2025:05:49:42 +0200]
...
show less
Hacking
Web App Attack
Anonymous
2025-09-20 00:46:00
(9 months ago)
[redacted] 156.253.179.94 - - [20/Sep/2025:02:45:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" " ...
show more
[redacted] 156.253.179.94 - - [20/Sep/2025:02:45:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (iPad; CPU OS 11_4 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/67.0.3396.87 Mobile/15F79 Safari/604.1"
[redacted] 156.253.179.94 - - [20/Sep/2025:02:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
[redacted] 156.253.179.94 - - [20/Sep/2025:02:45:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0"
[redacted] 156.253.179.94 - - [20/Sep/2025:02:45:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/601.6.17 (KHTML, like Gecko) Version/9.1.1 Safari/537.86.6"
[redacted] 156.253.179.94 - - [20/Sep/2025:02:45:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5
...
show less
Hacking
Web App Attack
๐บ๐ธ
Rip
2025-09-13 06:03:13
(9 months ago)
Apache Authentication attack. CMS Brute Force - Access Forbidden
Brute-Force
Web App Attack
๐ฆ๐บ
oncord
2025-09-07 09:25:26
(9 months ago)
Form spam
Web Spam
๐จ๐ญ
backslash
2025-08-14 03:10:20
(10 months ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
๐ฆ๐บ
oncord
2025-08-08 08:28:02
(10 months ago)
Form spam
Web Spam
๐บ๐ธ
TPI-Abuse
2025-08-01 12:50:36
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 156.253.179.94 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 156.253.179.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 08:50:31.655766 2025] [security2:error] [pid 13033:tid 13033] [client 156.253.179.94:13675] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||portraitsinblues.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "portraitsinblues.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aIy4F2b4kTHxr7guwDSY3QAAAAg"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
oncord
2025-07-18 21:24:18
(11 months ago)
Form spam
Web Spam