π«π·
SpaceHost-Server
2026-07-16 22:29:52
(2 days ago)
Brute-Force
Web App Attack
π«π·
SpaceHost-Server
2026-07-15 22:29:41
(3 days ago)
Brute-Force
Web App Attack
Anonymous
2026-07-15 15:02:01
(3 days ago)
[_admin] cross-host-offender: auto: cross-host offender β banned on 3 hosts [httpd-suspicious-path,h ...
show more
[_admin] cross-host-offender: auto: cross-host offender β banned on 3 hosts [httpd-suspicious-path,httpd-xmlrpc-post]
show less
Hacking
Web App Attack
π¨π
blinx
2026-07-15 12:33:14
(3 days ago)
Suspicious activity detected by Modsecurity
Web Spam
Port Scan
Hacking
Bad Web Bot
Web App Attack
π©πͺ
Blexyel
2026-07-15 12:30:20
(3 days ago)
35.196.172.32 - - [15/Jul/2026:14:30:20 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 ...
show more
35.196.172.32 - - [15/Jul/2026:14:30:20 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-15 12:27:34
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 35.196.172.32 (32.172.196.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:240335) triggered by 35.196.172.32 (32.172.196.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 08:27:27.519977 2026] [security2:error] [pid 32644:tid 32644] [client 35.196.172.32:60086] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.196.172.32 (+1 hits since last alert)|bitcoinpornhub.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bitcoinpornhub.com"] [uri "/xmlrpc.php"] [unique_id "ald8rw81XVl51TT9tfFE_wAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
macrob
2026-07-15 12:17:47
(3 days ago)
2026/07/15 12:17:46 [error] 3653384#3653384: *378423528 access forbidden by rule, client: 35.196.172 ...
show more
2026/07/15 12:17:46 [error] 3653384#3653384: *378423528 access forbidden by rule, client: 35.196.172.32, server: binixo.com, request: "GET //wp-includes/ID3/license.txt HTTP/2.0", host: "binixo.com"
2026/07/15 12:17:46 [error] 3653384#3653384: *378423530 access forbidden by rule, client: 35.196.172.32, server: binixo.lk, request: "GET //wp-includes/ID3/license.txt HTTP/2.0", host: "binixo.lk"
2026/07/15 12:17:46 [error] 3653379#3653379: *378423546 access forbidden by rule, client: 35.196.172.32, server: binixo.com, request: "GET //xmlrpc.php?rsd HTTP/2.0", host: "binixo.com"
...
show less
Web App Attack
π¨π
zynex
2026-07-15 12:12:17
(3 days ago)
URL Probing: /xmlrpc.php
Web App Attack
π©πͺ
Hary74656
2026-07-15 12:12:16
(3 days ago)
[Wed Jul 15 14:12:08.308881 2026] [core:info] [pid 104736:tid 104819] [client 35.196.172.32:64091] A ...
show more
[Wed Jul 15 14:12:08.308881 2026] [core:info] [pid 104736:tid 104819] [client 35.196.172.32:64091] AH00128: File does not exist: /home/sabine/www/blog/wp-includes/wlwmanifest.xml
...
show less
Bad Web Bot
π§πͺ
cmbplf
2026-07-15 12:11:14
(3 days ago)
27.016 requests in 1 hour (2mos3w3d)
Brute-Force
Bad Web Bot
Anonymous
2026-07-15 12:04:05
(3 days ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1
Hacking
Web App Attack
π¦πΊ
2000cn.com.au
2026-07-15 12:00:56
(3 days ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
π©πͺ
big-cloud.nl
2026-07-15 11:59:16
(3 days ago)
Try to access /xmlrpc.php?rsd
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-15 11:58:53
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 35.196.172.32 (32.172.196.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.196.172.32 (32.172.196.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:58:49.097609 2026] [security2:error] [pid 15670:tid 15670] [client 35.196.172.32:57954] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bervick.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bervick.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ald1-f6V2WIGwRdiTt9yBAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 11:57:45
(3 days ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack