๐จ๐ญ
4server
2026-07-06 03:39:43
(12 hours ago)
[MonJul0605:39:36.1332302026][security2:error][pid1692024:tid1692263][client165.101.254.224:0]ModSec ...
show more
[MonJul0605:39:36.1332302026][security2:error][pid1692024:tid1692263][client165.101.254.224:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"filarmonicaagno.ch\"][uri\"/xmlrpc.php\"][unique_id\"aksjeDs1YIFVQ0QKkr7TgAAAAZg\"]
show less
Hacking
Web App Attack
๐บ๐ธ
kosada.com
2026-07-04 10:56:28
(2 days ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐ฎ๐ฉ
zam
2026-05-25 14:38:09
(1 month ago)
165.101.254.224 - - [25/May/2026:14:38:05 +0000] "POST /xmlrpc.php HTTP/1.1" 302 271
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-25 13:49:05
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 09:49:01.143599 2026] [security2:error] [pid 11899:tid 11899] [client 165.101.254.224:57480] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rockinr.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rockinr.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ahRTTci9yfiLAYZUCh_i3AAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
infra-monitor
2026-05-25 13:00:06
(1 month ago)
Automated ban via infra-monitor: wp-sensitive-paths
Web App Attack
Anonymous
2026-05-16 10:01:37
(1 month ago)
Unauthorized connection attempt on Port 23
Port Scan
Hacking
Exploited Host
๐ซ๐ฎ
as211431.net
2026-05-05 14:55:18
(2 months ago)
Triggered Cloudflare WAF (firewallCustom) from PH.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show more
Triggered Cloudflare WAF (firewallCustom) from PH.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (POST method)
Endpoint: /xmlrpc.php
UA: Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-05-04 02:18:15
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 22:18:08.267214 2026] [security2:error] [pid 24768:tid 24768] [client 165.101.254.224:64020] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||idmadventures.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "idmadventures.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afgB4GZqz1hBFyrMTwN0KgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-22 00:06:10
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 20:06:03.681911 2026] [security2:error] [pid 1815979:tid 1815979] [client 165.101.254.224:60306] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||convtek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "convtek.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aegQ62uv_WPou5kY9YqeegAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-04-09 08:30:06
(2 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-09 04:33:06
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 00:32:57.621647 2026] [security2:error] [pid 46294:tid 46294] [client 165.101.254.224:58566] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||leolion.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "leolion.net"] [uri "/wp-json/wp/v2/users"] [unique_id "adcr-VfZ7wjzDjZ4LYvcagAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
teamsecure
2026-04-06 01:43:44
(3 months ago)
Banned for trying to access xmlrpc
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-05 15:14:15
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 11:14:08.503624 2026] [security2:error] [pid 15437:tid 15437] [client 165.101.254.224:28385] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tcjohnston.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tcjohnston.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adJ8QKfCuW8EovihaPfNjwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-01 10:25:29
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 165.101.254.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 06:25:25.137285 2026] [security2:error] [pid 15918:tid 15918] [client 165.101.254.224:50130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||knoxbestos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "knoxbestos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aczylUGw3QzvuVYBjWAB2gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Tripwire
2026-03-19 14:05:05
(3 months ago)
Probing for Wordpress - /xmlrpc.php
Brute-Force
Web App Attack