๐ฉ๐ช
milcraft.nl
2026-07-04 00:34:36
(5 days ago)
Repeated requests targeting login endpoints, indicating potential brute-force or credential-stuffing ...
show more
Repeated requests targeting login endpoints, indicating potential brute-force or credential-stuffing attempts. Related signal: Requests targeting the XML-RPC endpoint, commonly used in amplification attacks or brute-force login attempts.. Activity...
show less
Brute-Force
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-03 04:51:02
(5 days ago)
trying wp-login.php/xmlrpc.php 33 times in 1 minutes
Brute-Force
Web App Attack
Anonymous
2026-07-03 04:40:13
(5 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-03 04:30:46
(5 days ago)
(wordpress) Failed wordpress login from 20.163.6.176 (US/United States/-)
Brute-Force
Anonymous
2026-07-03 04:15:52
(5 days ago)
Web attack blocked by Wordfence on www.charlesquaedvlieg.nl (1 hit). Reported by CRMON.
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 04:13:36
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 00:13:32.585370 2026] [security2:error] [pid 24467:tid 24467] [client 20.163.6.176:4443] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||daveweisman.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "daveweisman.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akc27CP-cLzgtEMiY80QxAAAAEg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 03:49:31
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 23:49:28.781821 2026] [security2:error] [pid 4489:tid 4489] [client 20.163.6.176:3781] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||achari.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "achari.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akcxSCrL2Y6kQnGXFRdKbQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐น
Renรฉ Hickersberger
2026-07-03 03:35:23
(5 days ago)
malicious bot detected: violations="hit-honeypot"; user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; ...
show more
malicious bot detected: violations="hit-honeypot"; user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 03:21:23
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 23:21:17.989791 2026] [security2:error] [pid 22157:tid 22157] [client 20.163.6.176:3921] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||indiahouseportland.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "indiahouseportland.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akcqrfryXwcr3PQ9suBdLAAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-03 03:18:19
(5 days ago)
(modsec_5015) ModSec 5015: Suspicious User-Agent from 20.163.6.176 (US/United States/-): 1 in the la ...
show more
(modsec_5015) ModSec 5015: Suspicious User-Agent from 20.163.6.176 (US/United States/-): 1 in the last 3600 secs (0-196)
show less
Hacking
๐ฉ๐ช
4server
2026-07-03 03:10:41
(5 days ago)
[FriJul0305:10:39.3080642026][security2:error][pid3806528:tid3806630][client20.163.6.176:0]ModSecuri ...
show more
[FriJul0305:10:39.3080642026][security2:error][pid3806528:tid3806630][client20.163.6.176:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"giuseppeasaro.com\"][uri\"/xmlrpc.php\"][unique_id\"akcoL9jdQP2LHzoPYMxr9gAAAQM\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 02:54:10
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 22:54:03.982784 2026] [security2:error] [pid 21391:tid 21391] [client 20.163.6.176:4271] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||proyectomanhattan.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "proyectomanhattan.info"] [uri "/wp-json/wp/v2/users/"] [unique_id "akckS_Thulu2krQ3X06JwwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-07-03 02:50:43
(5 days ago)
Wordpress Vunerability attack
Web App Attack
๐ฉ๐ช
Reinhard
2026-07-03 02:43:42
(5 days ago)
Software package attack. /wp-json/wp/v2/users/
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 02:39:09
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 20.163.6.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 22:39:03.938624 2026] [security2:error] [pid 20137:tid 20137] [client 20.163.6.176:3519] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mrbss.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mrbss.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akcgx9Saa8gSn2huc89FlQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack