๐บ๐ธ
OceanTreasure
2026-07-16 13:47:23
(7 hours ago)
tcp/443; Windows Live Writer manifest enumeration: "GET //wp-includes/wlwmanifest.xml" @ 2026-07-16T ...
show more
tcp/443; Windows Live Writer manifest enumeration: "GET //wp-includes/wlwmanifest.xml" @ 2026-07-16T13:38:16Z [proxy]
show less
Brute-Force
๐บ๐ธ
Victor Lรณpez
2026-07-16 13:38:37
(7 hours ago)
s10.digitalhypepro.com 34.7.181.35 - - [16/Jul/2026:08:38:36 -0500] "GET //xmlrpc.php?rsd HTTP/2.0" ...
show more
s10.digitalhypepro.com 34.7.181.35 - - [16/Jul/2026:08:38:36 -0500] "GET //xmlrpc.php?rsd HTTP/2.0" 200 3205 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -
s10.digitalhypepro.com 34.7.181.35 - - [16/Jul/2026:08:38:36 -0500] "POST //xmlrpc.php HTTP/2.0" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -
s10.digitalhypepro.com 34.7.181.35 - - [16/Jul/2026:08:38:36 -0500] "POST //xmlrpc.php HTTP/2.0" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" -
...
show less
Hacking
Web App Attack
Anonymous
2026-07-16 13:35:08
(7 hours ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐ฉ๐ช
pltcldvlpr
2026-07-16 13:24:33
(7 hours ago)
CMS/framework probe: 34.7.181.35 - - [16/Jul/2026:15:24:32 +0200] "GET //wp-includes/wlwmanifest.xml ...
show more
CMS/framework probe: 34.7.181.35 - - [16/Jul/2026:15:24:32 +0200] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 400 141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" asn=396982 org="Google LLC" country=NL
...
show less
Web App Attack
๐บ๐ธ
kosada.com
2026-07-16 13:23:15
(7 hours ago)
Web vulnerability probing: //wordpress/wp-includes/wlwmanifest.xml
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-07-16 13:20:09
(8 hours ago)
Try to access /xmlrpc.php?rsd
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 13:19:01
(8 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.7.181.35 (35.181.7.34.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:225170) triggered by 34.7.181.35 (35.181.7.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 09:18:53.249927 2026] [security2:error] [pid 16597:tid 16597] [client 34.7.181.35:50422] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smogsandiego.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "smogsandiego.com"] [uri "/listings/category/central-coastal-san-diego/wp-json/wp/v2/users/"] [unique_id "aljaPXmwNVdVoctbZtUAcwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-07-16 13:17:12
(8 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 12:52:52
(8 hours ago)
(mod_security) mod_security (id:240335) triggered by 34.7.181.35 (35.181.7.34.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:240335) triggered by 34.7.181.35 (35.181.7.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 08:52:46.376693 2026] [security2:error] [pid 31747:tid 31747] [client 34.7.181.35:56766] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 34.7.181.35 (+1 hits since last alert)|www.pondplain.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.pondplain.org"] [uri "/xmlrpc.php"] [unique_id "aljUHtiCZ05Fspo9YuOEkwAAACM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Tripwire
2026-07-16 12:52:24
(8 hours ago)
Scanning for exploits - /process-serving//wp-includes/wlwmanifest.xml
Web App Attack
๐ฎ๐น
VHosting
2026-07-16 12:50:04
(8 hours ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ณ๐ฑ
WeCloudit-Anti-Abuse
2026-07-16 12:39:14
(8 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking