๐ซ๐ท
LRob
2026-07-08 18:27:41
(58 minutes ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["//xmlrpc.php"] | UA: ["Mozilla/5.0 (Win ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["//xmlrpc.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"]
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 17:18:02
(2 hours ago)
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:17:57.338715 2026] [security2:error] [pid 3868:tid 3868] [client 159.26.120.21:30794] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pattenden.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pattenden.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak6GRQW66BVLUMcFVDfScAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
rh24
2026-07-08 17:08:09
(2 hours ago)
(wordpress) Failed wordpress login from 159.26.120.21 (UA/Ukraine/-): (CF_ENABLE)
Brute-Force
Anonymous
2026-07-08 11:24:35
(8 hours ago)
159.26.120.21 - - [08/Jul/2026:19:24:35 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 200 834 "-" "Mozilla/ ...
show more
159.26.120.21 - - [08/Jul/2026:19:24:35 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 200 834 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-07-08 11:24:26
(8 hours ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 11:17:39
(8 hours ago)
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 07:17:35.141635 2026] [security2:error] [pid 19481:tid 19481] [client 159.26.120.21:12613] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.azcrittergetter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.azcrittergetter.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak4xzw2O7QCJWFdQ1SG6eAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
konseptit
2026-07-08 10:42:06
(8 hours ago)
(wordpress) Failed wordpress login from 159.26.120.21 (UA/Ukraine/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-08 10:01:17
(9 hours ago)
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 06:01:11.377715 2026] [security2:error] [pid 23656:tid 23656] [client 159.26.120.21:8755] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.creationorevolution.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.creationorevolution.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak4f59ohALTOW4WMq91DfAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Kenshin869
2026-07-08 08:48:20
(10 hours ago)
Wordpress unauthorized access attempt
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-08 08:29:05
(10 hours ago)
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 159.26.120.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 04:29:00.095050 2026] [security2:error] [pid 25860:tid 25860] [client 159.26.120.21:42846] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||opticasprisma.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "opticasprisma.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak4KTD63w3LGLRIBABKjFgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-08 07:01:18
(12 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
nyt
2026-07-08 06:59:44
(12 hours ago)
Empty UA + error, Unusual request for xmlrpc.php file
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-08 06:44:05
(12 hours ago)
(xmlrpc) Failed xmlrpc access from 159.26.120.21 (UA/Ukraine/-): 5 in the last 3600 secs (0-122)
Hacking
๐ซ๐ฎ
KnightIndustries
2026-07-08 05:02:45
(14 hours ago)
2026-07-08T07:02:44.490342+02:00 milkyway wordpress(oldscarborough.com)[2574678]: XML-RPC authentica ...
show more
2026-07-08T07:02:44.490342+02:00 milkyway wordpress(oldscarborough.com)[2574678]: XML-RPC authentication failure for joshua from 159.26.120.21
2026-07-08T07:02:44.804235+02:00 milkyway wordpress(oldscarborough.com)[2586528]: XML-RPC authentication failure for joshua from 159.26.120.21
2026-07-08T07:02:45.117778+02:00 milkyway wordpress(oldscarborough.com)[2593439]: XML-RPC authentication failure for joshua from 159.26.120.21
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-07-08 04:54:03
(14 hours ago)
Wordfence waf block on ohrsol
Web App Attack