๐ง๐ช
cmbplf
2026-07-15 16:26:34
(1 day ago)
842 requests with url.path //xmlrpc.php
Brute-Force
Bad Web Bot
๐ณ๐ด
Bots.go.to.hell
2026-07-15 15:22:43
(1 day ago)
This IP was detected by CrowdSec triggering custom/ip-honeypot
Web App Attack
Bad Web Bot
๐ณ๐ฑ
ipoac.nl
2026-07-15 15:21:49
(1 day ago)
-.nl:443 35.204.79.234 - - [15/Jul/2026:17:21:48 +0200] -.nl "GET //xmlrpc.php?rsd HTTP/1.1" 403 197 ...
show more
-.nl:443 35.204.79.234 - - [15/Jul/2026:17:21:48 +0200] -.nl "GET //xmlrpc.php?rsd HTTP/1.1" 403 1972 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Bad Web Bot
๐ฉ๐ฐ
ScamAware
2026-07-15 15:15:24
(1 day ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: bad_bot_scanner (Bad bot ...
show more
Detected by Cloudflare Security Events via WordPress automation. Detection: bad_bot_scanner (Bad bot / scanner behavior). Hits from same IP in last 60 minutes: 1. Unique request paths counted internally: 1. Cloudflare action: block. Cloudflare source: firewallCustom.
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-15 15:12:03
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 35.204.79.234 (234.79.204.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.204.79.234 (234.79.204.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 11:11:58.739188 2026] [security2:error] [pid 14391:tid 14391] [client 35.204.79.234:50631] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jamesmsmall.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jamesmsmall.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "alejPq4BXV62YPGpA2bsrQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
SiliSoftware
2026-07-15 15:11:49
(1 day ago)
/wp-includes/ID3/license.txt
Web App Attack
๐ฎ๐น
mgarofano80
2026-07-15 14:57:12
(1 day ago)
Brute-Force
Web App Attack
๐ฎ๐น
VHosting
2026-07-15 14:55:02
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ท๐บ
DZBOT
2026-07-15 14:54:54
(1 day ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-15 14:54:12
(1 day ago)
35.204.79.234 - - [15/Jul/2026:17:54:11 +0300] "GET /login/wp-includes/ID3/license.txt HTTP/1.1" 404 ...
show more
35.204.79.234 - - [15/Jul/2026:17:54:11 +0300] "GET /login/wp-includes/ID3/license.txt HTTP/1.1" 404 4438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.204.79.234 - - [15/Jul/2026:17:54:11 +0300] "GET /login/xmlrpc.php?rsd HTTP/1.1" 404 712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
maxpower
2026-07-15 14:54:08
(1 day ago)
(nginx_hardened) REGOLA 3 - Nginx Hardening Triggered 35.204.79.234 (234.79.204.35.bc.googleusercont ...
show more
(nginx_hardened) REGOLA 3 - Nginx Hardening Triggered 35.204.79.234 (234.79.204.35.bc.googleusercontent.com): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 35.204.79.234 - - [15/Jul/2026:16:53:18 +0200] "GET //xmlrpc.php?rsd HTTP/2.0" 403 129 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "35.204.79.234" host=ipv6.francescadandrea.com
2026/07/15 16:53:54 [error] 3907623#3907623: *529708 access forbidden by rule, client: 35.204.79.234, server: lasfiziosapizzeria.it, request: "GET //xmlrpc.php?rsd HTTP/2.0", host: "ipv6.lasfiziosapizzeria.it"
2026/07/15 16:53:55 [error] 3907615#3907615: *529716 access forbidden by rule, client: 35.204.79.234, server: marialauracaselli.com, request: "GET //xmlrpc.php?rsd HTTP/2.0", host: "ipv6.marialauracaselli.com"
show less
Port Scan
๐จ๐ญ
backslash
2026-07-15 14:48:01
(1 day ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐ฉ๐ช
big-cloud.nl
2026-07-15 14:39:33
(1 day ago)
Try to access /xmlrpc.php?rsd
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 14:38:23
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 35.204.79.234 (234.79.204.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.204.79.234 (234.79.204.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 10:38:16.453661 2026] [security2:error] [pid 9817:tid 9817] [client 35.204.79.234:60611] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.innovacionesnimba.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.innovacionesnimba.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alebWNUa_rkIV6w1El3xbwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-15 14:37:27
(1 day ago)
35.204.79.234 - - [15/Jul/2026:16:37:26 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6357 "-" "Mozilla/5. ...
show more
35.204.79.234 - - [15/Jul/2026:16:37:26 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.204.79.234 - - [15/Jul/2026:16:37:26 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.204.79.234 - - [15/Jul/2026:16:37:27 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Hacking
Web App Attack