๐ฉ๐ช
neckaralb-admin.de
2026-07-08 13:40:51
(2 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
Anonymous
2026-07-08 13:09:54
(3 hours ago)
[redacted] 34.75.142.193 - - [08/Jul/2026:15:09:33 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" " ...
show more
[redacted] 34.75.142.193 - - [08/Jul/2026:15:09:33 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.75.142.193 - - [08/Jul/2026:15:09:35 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.75.142.193 - - [08/Jul/2026:15:09:37 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.75.142.193 - - [08/Jul/2026:15:09:39 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.75.142.193 - - [08/Jul/2026:15:09:41 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) A
...
show less
Hacking
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-08 13:09:52
(3 hours ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/193.142.75.34.bc.googleusercontent.com
Web App Attack
Anonymous
2026-07-08 13:08:34
(3 hours ago)
34.75.142.193 - [08/Jul/2026:06:08:33 -0700] family.idavoll.dynu.net "GET //wp-includes/wlwmanifest. ...
show more
34.75.142.193 - [08/Jul/2026:06:08:33 -0700] family.idavoll.dynu.net "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 567
34.75.142.193 - [08/Jul/2026:06:08:33 -0700] family.idavoll.dynu.net "GET //xmlrpc.php?rsd HTTP/1.1" 404 567
34.75.142.193 - [08/Jul/2026:06:08:33 -0700] family.idavoll.dynu.net "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567
34.75.142.193 - [08/Jul/2026:06:08:33 -0700] family.idavoll.dynu.net "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567
34.75.142.193 - [08/Jul/2026:06:08:34 -0700] family.idavoll.dynu.net "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567
...
show less
Web App Attack
๐บ๐ธ
mnsf
2026-07-08 13:05:21
(3 hours ago)
Abuse Detected (13)
Brute-Force
Web App Attack
๐ฆ๐ฑ
router.al
2026-07-08 13:04:02
(3 hours ago)
07/08/2026-13:04:02.079754 34.75.142.193 Protocol: 6 GPL WEB_SERVER 403 Forbidden
Port Scan
๐ง๐ช
cmbplf
2026-07-08 13:01:23
(3 hours ago)
11.549 requests in 1 hour (1mo4w2d)
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-08 12:56:49
(3 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.75.142.193 (193.142.75.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.75.142.193 (193.142.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 08:56:42.869115 2026] [security2:error] [pid 32457:tid 32457] [client 34.75.142.193:65323] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rame-int.marklex.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rame-int.marklex.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak5JCgQoQ8cTUWjVsUgP7gAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-08 12:51:34
(3 hours ago)
34.75.142.193 - - [08/Jul/2026:14:51:32 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 8542 ...
show more
34.75.142.193 - - [08/Jul/2026:14:51:32 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 8542 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.75.142.193 - - [08/Jul/2026:14:51:32 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 8552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.75.142.193 - - [08/Jul/2026:14:51:33 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 8550 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.75.142.193 - - [08/Jul/2026:14:51:33 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 8562 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.75.142.193 - - [08/Jul/2026:14:51:33 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP
...
show less
Brute-Force
Web App Attack
๐ฏ๐ต
Valhalla
2026-07-08 12:46:28
(3 hours ago)
/xmlrpc.php?rsd
Hacking
Web App Attack
Anonymous
2026-07-08 12:44:13
(3 hours ago)
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy ...
show more
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy โ zero tolerance for exploit scanning. Banned Jul 8, 12:44 UTC. Origin: United States, North Charleston.
show less
Hacking
Bad Web Bot
Web App Attack
๐ซ๐ฎ
JLKnoch.com
2026-07-08 12:32:31
(3 hours ago)
CrowdSec crowdsecurity/http-probing
Brute-Force
Web App Attack
๐ง๐ท
borbolla
2026-07-08 12:26:03
(3 hours ago)
Automated web credential/secret scanner blocked by Fail2Ban. Probed: "GET / HTTP/1.1" "GET /blog/wp- ...
show more
Automated web credential/secret scanner blocked by Fail2Ban. Probed: "GET / HTTP/1.1" "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1"
show less
Web App Attack
Bad Web Bot
๐ซ๐ท
masterguru
2026-07-08 12:21:03
(4 hours ago)
Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-196)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-08 12:20:48
(4 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.75.142.193 (193.142.75.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.75.142.193 (193.142.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 08:20:41.439374 2026] [security2:error] [pid 13962:tid 13962] [client 34.75.142.193:53427] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ashwoodsecurity.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ashwoodsecurity.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak5AmRt4IJU5v5JSY0AhOwAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack