🇺🇸
TPI-Abuse
2026-07-04 01:36:18
(15 hours ago)
(mod_security) mod_security (id:225170) triggered by 170.239.1.28 (as52878.pa.carajasnet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 21:36:13.267715 2026] [security2:error] [pid 21152:tid 21152] [client 170.239.1.28:31427] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||allfloridamedia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "allfloridamedia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akhjjfwYN9ccGmVypvYJcQAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇿
Tripwire
2026-07-03 21:41:27
(19 hours ago)
Probing for WordPress - /xmlrpc.php
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-03 15:02:17
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 170.239.1.28 (as52878.pa.carajasnet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 11:02:10.093396 2026] [security2:error] [pid 19071:tid 19071] [client 170.239.1.28:30965] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mrflatpeople.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mrflatpeople.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akfO8k3UU_62HwhmXUsfJQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-03 03:45:41
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 170.239.1.28 (as52878.pa.carajasnet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 23:45:36.115010 2026] [security2:error] [pid 18112:tid 18112] [client 170.239.1.28:30775] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ultratecnologia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ultratecnologia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akcwYGjSKUtLeefuC6p_9gAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-02 21:28:38
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 170.239.1.28 (as52878.pa.carajasnet.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 17:28:32.582590 2026] [security2:error] [pid 492:tid 492] [client 170.239.1.28:29607] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pikespeakjazz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pikespeakjazz.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akbYAHmNUWUPfQ8wtA8U8wAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇮🇩
Burayot
2026-06-30 22:50:07
(3 days ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 170.239.1.28 (BR/Brazil/as52878.pa.carajasnet.com): 1 in the last 3600 secs
Web App Attack
🇳🇱
wlt-blocker
2026-06-29 15:28:51
(5 days ago)
Unauthorized access to webpage admin
Web App Attack
Anonymous
2026-06-28 19:25:48
(5 days ago)
[redacted] 170.239.1.28 - - [28/Jun/2026:21:24:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:21:25:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Linux; Android 10; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/87.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:21:25:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/82.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:21:25:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:21:25:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86)
...
Hacking
Web App Attack
Anonymous
2026-06-28 18:56:14
(5 days ago)
[redacted] 170.239.1.28 - - [28/Jun/2026:20:55:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:20:55:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:20:55:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/72.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:20:55:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [28/Jun/2026:20:55:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4
...
Hacking
Web App Attack
🇩🇪
LRob
2026-06-28 02:30:03
(6 days ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
🇲🇹
Malta
2026-06-27 15:59:22
(1 week ago)
170.239.1.28 - - [27/Jun/2026:17:59:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36"
Hacking
Web App Attack
🇳🇴
jad-abuse
2026-06-26 01:59:44
(1 week ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 1 hits.
Brute-Force
Web App Attack
🇫🇷
dynamix
2026-06-25 20:19:19
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-06-23 22:42:36
(1 week ago)
[redacted] 170.239.1.28 - - [24/Jun/2026:00:41:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [24/Jun/2026:00:41:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [24/Jun/2026:00:41:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/14.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [24/Jun/2026:00:41:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/13.0.0.0 Safari/537.36"
[redacted] 170.239.1.28 - - [24/Jun/2026:00:42:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows N
...
Hacking
Web App Attack
🇩🇪
Prodscape
2026-06-23 06:56:10
(1 week ago)
(XMLRPC) WP XMLPRC Attack 170.239.1.28 (BR/Brazil/as52878.pa.carajasnet.com): 5 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER
Port Scan