๐ฎ๐ณ
evicky2002
2026-07-16 06:00:00
(21 hours ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ง๐ช
cmbplf
2026-07-15 16:21:13
(1 day ago)
2.411 requests with url.path */xmlrpc.php
2.411 requests with url.path //xmlrpc.php
Brute-Force
Bad Web Bot
๐ณ๐ฟ
Antinson
2026-07-15 16:14:12
(1 day ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ซ๐ท
aldene.info
2026-07-15 16:00:45
(1 day ago)
[librenms] Banned by Fail2ban (Jail: syswarden-cms-honeypot)
Hacking
Brute-Force
๐บ๐ฆ
URAN Publishing Service
2026-07-15 15:51:43
(1 day ago)
34.13.130.16 - - [15/Jul/2026:18:51:42 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "- ...
show more
34.13.130.16 - - [15/Jul/2026:18:51:42 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.13.130.16 - - [15/Jul/2026:18:51:43 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
LRob
2026-07-15 15:47:03
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: //xmlrpc.php | UA: Mozilla/5.0 (Windows N ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: //xmlrpc.php | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-15 15:43:57
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
konseptit
2026-07-15 15:41:20
(1 day ago)
(wordpress) Failed wordpress login from 34.13.130.16 (16.130.13.34.bc.googleusercontent.com)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-15 15:27:04
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 34.13.130.16 (16.130.13.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.13.130.16 (16.130.13.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 11:26:58.329344 2026] [security2:error] [pid 28387:tid 28387] [client 34.13.130.16:65364] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lawrencehale.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lawrencehale.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alemwhAeUipxXe0AEyl9BQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
largo-it.net
2026-07-15 15:16:03
(1 day ago)
Jul 15 17:16:02 vps-9f3cdc33 haproxy[908122]: 34.13.130.16:61079 [15/Jul/2026:17:16:02.838] www_fron ...
show more
Jul 15 17:16:02 vps-9f3cdc33 haproxy[908122]: 34.13.130.16:61079 [15/Jul/2026:17:16:02.838] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/56/67 404 3252 - - ---- 71/17/0/0/0 0/0 "GET //wp-includes/ID3/license.txt HTTP/1.1"
Jul 15 17:16:02 vps-9f3cdc33 haproxy[908122]: 34.13.130.16:61079 [15/Jul/2026:17:16:02.906] www_frontend~ finance_cluster/finance1_test1_https 33/0/10/48/91 404 3151 - - ---- 72/17/0/0/0 0/0 "GET //feed/ HTTP/1.1"
Jul 15 17:16:03 vps-9f3cdc33 haproxy[908122]: 34.13.130.16:61079 [15/Jul/2026:17:16:02.998] www_frontend~ finance_cluster/finance1_test1_https 25/0/10/66/101 404 3151 - - ---- 72/17/0/0/0 0/0 "GET //xmlrpc.php?rsd HTTP/1.1"
Jul 15 17:16:03 vps-9f3cdc33 haproxy[908122]: 34.13.130.16:61079 [15/Jul/2026:17:16:03.099] www_frontend~ finance_cluster/finance1_test1_https 24/0/11/61/96 404 3151 - - ---- 73/17/0/0/0 0/0 "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1"
Jul 15 17:16:03 vps-9f3cdc33 haproxy[908122]: 34.13.130.16:61079 [15/Jul/2026:17:16:03
...
show less
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 15:07:39
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 34.13.130.16 (16.130.13.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.13.130.16 (16.130.13.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 11:07:36.028962 2026] [security2:error] [pid 2963:tid 2963] [client 34.13.130.16:58294] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.lajoze.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lajoze.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aleiOGIabD6P24D6nPuJPQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-15 15:05:03
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
Anonymous
2026-07-15 15:04:36
(1 day ago)
34.13.130.16 - - [15/Jul/2026:17:04:35 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 438 "- ...
show more
34.13.130.16 - - [15/Jul/2026:17:04:35 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.13.130.16 - - [15/Jul/2026:17:04:35 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 277 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.13.130.16 - - [15/Jul/2026:17:04:36 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.13.130.16 - - [15/Jul/2026:17:04:36 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 277 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.13.130.16 - - [15/Jul/2026:17:04:36 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 438 "-" "Mozilla
...
show less
Brute-Force
Web App Attack
Anonymous
2026-07-15 15:04:03
(1 day ago)
Try to connect to Port_Scan_80_stealth
Port Scan
Anonymous
2026-07-15 14:59:59
(1 day ago)
[ns67.kdns.gr] httpd-suspicious-path: sites=kapaweb.gr,"kapaweb.gr","www.kweb.gr"; logs=/var/www/vho ...
show more
[ns67.kdns.gr] httpd-suspicious-path: sites=kapaweb.gr,"kapaweb.gr","www.kweb.gr"; logs=/var/www/vhosts/kapaweb.gr/logs/access_ssl_log,/var/www/vhosts/system/kapaweb.gr/logs/access_ssl_log,/var/www/vhosts/system/kapaweb.gr/logs/proxy_access_log; samples=//wp-includes/ID3/license.txt | //blog/wp-includes/wlwmanifest.xml | //web/wp-includes/wlwmanifest.xml
show less
Hacking
Web App Attack