๐ฉ๐ช
4server
2026-07-07 15:22:56
(4 days ago)
[TueJul0717:22:54.1678852026][security2:error][pid1537431:tid1537487][client160.238.92.233:0]ModSecu ...
show more
[TueJul0717:22:54.1678852026][security2:error][pid1537431:tid1537487][client160.238.92.233:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"formet.ch\"][uri\"/xmlrpc.php\"][unique_id\"ak0ZzoZK0XacGPq5ddrpGQAAAFQ\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ณ๐ฑ
i-turnradio.nl
2026-07-06 17:42:31
(5 days ago)
2026-07-06 @ 19:42:30 (CET) ~ Blocked for trying to access: /xmlrpc.php
Web App Attack
๐บ๐ธ
interbiznw.com
2026-07-06 17:42:13
(5 days ago)
fail2ban-ban
Hacking
Brute-Force
Exploited Host
Web App Attack
๐ฑ๐ป
garmtech.com
2026-07-05 04:47:07
(6 days ago)
IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-05 04:38:01
(6 days ago)
trying wp-login.php/xmlrpc.php 32 times in 1 minutes
Brute-Force
Web App Attack
๐จ๐ฆ
polycoda
2026-07-03 17:24:53
(1 week ago)
๐ Wordpress login brute force attempt
Hacking
Web App Attack
๐ซ๐ฎ
YF
2026-07-03 17:00:38
(1 week ago)
xmlrpc.php Potential DDoS or brute force
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-01 16:56:38
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl ...
show more
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 12:56:30.767356 2026] [security2:error] [pid 17304:tid 17304] [client 160.238.92.233:3746] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||stoughtonpipeandwelding.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stoughtonpipeandwelding.net"] [uri "/wp-json/wp/v2/users"] [unique_id "akVGvuYnK_vwS_o0Lz93hgAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-06-28 17:32:48
(1 week ago)
Unauthorized access to webpage admin
Web App Attack
Anonymous
2026-06-28 05:31:15
(1 week ago)
160.238.92.233 - - [28/Jun/2026:07:31:15 +0200] "POST / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; A ...
show more
160.238.92.233 - - [28/Jun/2026:07:31:15 +0200] "POST / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/92.0.0.0 Safari/537.36"
show less
Web App Attack
๐ฉ๐ช
stinpriza
2026-06-27 18:07:16
(2 weeks ago)
Web App Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 18:44:23
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl ...
show more
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 14:44:17.752134 2026] [security2:error] [pid 15790:tid 15790] [client 160.238.92.233:3820] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||j3pr.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "j3pr.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajGZge4PG1KnD3lUHsSq1AAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 17:51:51
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl ...
show more
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:51:48.934999 2026] [security2:error] [pid 16716:tid 16716] [client 160.238.92.233:4647] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||christaylorjazzpianist.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "christaylorjazzpianist.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajA7tM2TQ8l2r20lsJBKcQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-15 16:52:55
(3 weeks ago)
[MonJun1518:52:49.4577652026][security2:error][pid72775:tid72929][client160.238.92.233:0]ModSecurity ...
show more
[MonJun1518:52:49.4577652026][security2:error][pid72775:tid72929][client160.238.92.233:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"giuseppeasaro.com\"][uri\"/xmlrpc.php\"][unique_id\"ajAt4WYCS0F6nEsfSecVqQAAAQc\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 20:26:48
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl ...
show more
(mod_security) mod_security (id:225170) triggered by 160.238.92.233 (233-92.238.160.static.gtplkcbpl.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 16:26:40.744120 2026] [security2:error] [pid 19874:tid 19874] [client 160.238.92.233:4921] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||canebrakes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "canebrakes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai29ACQhNCvzSP0uvzSOXAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack