๐ฎ๐น
VHosting
2026-07-19 07:05:04
(12 hours ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐บ๐ธ
Victor Lรณpez
2026-07-19 06:53:54
(12 hours ago)
s10.digitalhypepro.com 35.199.20.115 - - [19/Jul/2026:01:52:14 -0500] "GET //xmlrpc.php?rsd HTTP/2.0 ...
show more
s10.digitalhypepro.com 35.199.20.115 - - [19/Jul/2026:01:52:14 -0500] "GET //xmlrpc.php?rsd HTTP/2.0" 200 3205 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36" -
s10.digitalhypepro.com 35.199.20.115 - - [19/Jul/2026:01:52:16 -0500] "POST //xmlrpc.php HTTP/2.0" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36" -
s4.digitalhypepro.com 35.199.20.115 - - [19/Jul/2026:01:53:53 -0500] "GET //xmlrpc.php?rsd HTTP/2.0" 200 3205 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36" -
...
show less
Hacking
Web App Attack
๐บ๐ธ
nyt
2026-07-19 06:45:58
(13 hours ago)
WP Author Enumeration
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-19 06:44:43
(13 hours ago)
(mod_security) mod_security (id:225170) triggered by 35.199.20.115 (115.20.199.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.199.20.115 (115.20.199.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 19 02:44:39.163666 2026] [security2:error] [pid 5033:tid 5033] [client 35.199.20.115:55886] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ruthbalser.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ruthbalser.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "alxyV18fv-LpLW28K0yHqQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2026-07-19 06:42:00
(13 hours ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐จ๐ญ
Origon
2026-07-19 06:39:30
(13 hours ago)
http-probing - IP: 35.199.20.115 - time="2026-07-19T08:39:29+02:00" level=info msg="(555f66b4f6a745 ...
show more
http-probing - IP: 35.199.20.115 - time="2026-07-19T08:39:29+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 35.199.20.115 (US/396982) : 4h ban on Ip 35.199.20.115" module=db
show less
Web App Attack
๐ณ๐ฑ
maxxsense
2026-07-19 06:36:10
(13 hours ago)
(wordpress-user-enum) Failed wordpress-user-enum trigger from 35.199.20.115 (US/United States/115.20 ...
show more
(wordpress-user-enum) Failed wordpress-user-enum trigger from 35.199.20.115 (US/United States/115.20.199.35.bc.googleusercontent.com)
show less
Brute-Force
๐บ๐ธ
nyt
2026-04-14 11:56:16
(3 months ago)
Empty UA + error, WP Author Enumeration
Web App Attack
๐ณ๐ฑ
0xffffffff
2026-04-14 11:53:56
(3 months ago)
[2026-04-14 14:53:54.692063] [authz_core:error] [pid 1003855:tid 127464675882688] [client 35.199.20. ...
show more
[2026-04-14 14:53:54.692063] [authz_core:error] [pid 1003855:tid 127464675882688] [client 35.199.20.115:0] AH01630: client denied by server configuration: /var/www/*/wp-includes/wlwmanifest.xml , error_notes:double-slash , URI:'/wp-includes/wlwmanifest.xml'
[2026-04-14 14:53:54.790484] [authz_core:error] [pid 1003855:tid 127464659064512] [client 35.199.20.115:0] AH01630: client denied by server configuration: /var/www/*/xmlrpc.php , error_notes:double-slash , URI:'/xmlrpc.php?rsd'
[2026-04-14 14:53:55.000890] [authz_core:error] [pid 1003855:tid 127464650655424] [client 35.199.20.115:0] AH01630: client denied by server configuration: /var/www/*/ , error_notes:double-slash , URI:'/?author=1'
[2026-04-14 14:53:55.098285] [authz_core:error] [pid 1003855:tid 127464852244160] [client 35.199.20.115:0] AH01630: client denied by server configuration: /var/www/*/ , error_notes:double-slash , URI:'/?author=2'
[2026-04-14 14:53:55.197129] [authz_core:error] [pid 1003855:tid 127464843851456] [client 35.199.20.115:0] AH016
show less
Web App Attack
Bad Web Bot
๐บ๐ธ
myagent.site
2026-04-14 11:53:52
(3 months ago)
Blocked user enumeration attempt
Hacking
๐ฉ๐ช
expandmade.com
2026-04-14 11:50:40
(3 months ago)
unauthorized rest api call [14/Apr/2026:11:50:40 "GET //wp-json/wp/v2/users/"]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-14 11:50:28
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 35.199.20.115 (115.20.199.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.199.20.115 (115.20.199.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 14 07:50:25.033836 2026] [security2:error] [pid 2408770:tid 2408770] [client 35.199.20.115:58079] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gpobiotech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gpobiotech.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ad4qAUT-VgvycpCZK7vo8gAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WizardsToolkit
2026-04-14 11:28:31
(3 months ago)
attempted to access
Web App Attack
๐ซ๐ท
Baking333
2026-04-14 11:19:38
(3 months ago)
[redacted] 35.199.20.115 - - [14/Apr/2026:12:19:37 +0100] "GET /wp-includes/js/jquery/[redacted] HTT ...
show more
[redacted] 35.199.20.115 - - [14/Apr/2026:12:19:37 +0100] "GET /wp-includes/js/jquery/[redacted] HTTP/1.1" 302 1538 0/85519 "http://[redacted]/wp-includes/js/jquery/[redacted]" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" [redacted] 35.199.20.115 - - [14/Apr/2026:12:19:37 +0100] "GET / HTTP/1.1" 200 8407 0/210805 "https://[redacted]/wp-includes/js/jquery/[redacted]" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
Hazael
2026-04-14 11:13:02
(3 months ago)
SNOOPING - intended to probe for or exploit website vulnerabilities. From: Washington, United States ...
show more
SNOOPING - intended to probe for or exploit website vulnerabilities. From: Washington, United States - Google LLC (AS396982 Google LLC) - Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
show less
Web App Attack