Anonymous
2026-07-18 09:44:45
(1 day ago)
[redacted] 35.245.106.195 - - [18/Jul/2026:11:44:39 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" ...
show more
[redacted] 35.245.106.195 - - [18/Jul/2026:11:44:39 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.245.106.195 - - [18/Jul/2026:11:44:39 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.245.106.195 - - [18/Jul/2026:11:44:40 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.245.106.195 - - [18/Jul/2026:11:44:40 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.245.106.195 - - [18/Jul/2026:11:44:41 +0200] "POST //x
...
show less
Hacking
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-18 09:41:51
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ณ๐ฑ
Savvii
2026-07-18 09:38:36
(1 day ago)
10 attempts against mh-misc-ban on pyrus
Web App Attack
๐ง๐พ
lns.bz
2026-07-18 09:23:14
(1 day ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 09:21:31
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 35.245.106.195 (195.106.245.35.bc.googleusercon ...
show more
(mod_security) mod_security (id:225170) triggered by 35.245.106.195 (195.106.245.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 05:21:26.675525 2026] [security2:error] [pid 27529:tid 27529] [client 35.245.106.195:58556] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||livingawakenedbook.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "livingawakenedbook.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "altFljcRzLuOtvxQm3aZtwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
i-turnradio.nl
2026-07-18 09:20:13
(1 day ago)
2026-07-18 @ 11:20:12 (CET) ~ Blocked for trying to access: /wp-includes/ID3/license.txt
Web App Attack
๐บ๐ธ
mnsf
2026-07-18 09:06:17
(1 day ago)
Too many Status 40X (14)
Brute-Force
Web App Attack
๐บ๐ธ
lavnet.net
2026-07-18 09:00:25
(1 day ago)
35.245.106.195 - - [18/Jul/2026:09:00:25 +0000] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 2083 ...
show more
35.245.106.195 - - [18/Jul/2026:09:00:25 +0000] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.245.106.195 - - [18/Jul/2026:09:00:25 +0000] "GET /feed/ HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.245.106.195 - - [18/Jul/2026:09:00:25 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.245.106.195 - - [18/Jul/2026:09:00:25 +0000] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.245.106.195 - - [18/Jul/2026:09:00:25 +0000] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Wi
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-18 08:58:53
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 35.245.106.195 (195.106.245.35.bc.googleusercon ...
show more
(mod_security) mod_security (id:225170) triggered by 35.245.106.195 (195.106.245.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 04:58:48.634283 2026] [security2:error] [pid 28071:tid 28071] [client 35.245.106.195:49223] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||latentpixel.printorganic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "latentpixel.printorganic.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "altASO_O-Gs4mVx5CRDV_AAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
largo-it.net
2026-07-18 08:57:34
(1 day ago)
Jul 18 10:57:31 vps-9f3cdc33 haproxy[1363592]: 35.245.106.195:54578 [18/Jul/2026:10:57:31.267] www_f ...
show more
Jul 18 10:57:31 vps-9f3cdc33 haproxy[1363592]: 35.245.106.195:54578 [18/Jul/2026:10:57:31.267] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/362/373 404 3252 - - ---- 49/4/0/0/0 0/0 "GET //wp-includes/ID3/license.txt HTTP/1.1"
Jul 18 10:57:32 vps-9f3cdc33 haproxy[1363592]: 35.245.106.195:54578 [18/Jul/2026:10:57:31.641] www_frontend~ finance_cluster/finance1_test1_https 88/0/11/313/412 404 3151 - - ---- 49/4/0/0/0 0/0 "GET //feed/ HTTP/1.1"
Jul 18 10:57:32 vps-9f3cdc33 haproxy[1363592]: 35.245.106.195:54578 [18/Jul/2026:10:57:32.053] www_frontend~ finance_cluster/finance1_test1_https 89/0/11/320/420 404 3151 - - ---- 49/4/0/0/0 0/0 "GET //xmlrpc.php?rsd HTTP/1.1"
Jul 18 10:57:32 vps-9f3cdc33 haproxy[1363592]: 35.245.106.195:54578 [18/Jul/2026:10:57:32.474] www_frontend~ finance_cluster/finance1_test1_https 156/0/11/326/493 404 3151 - - ---- 49/4/0/0/0 0/0 "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1"
Jul 18 10:57:33 vps-9f3cdc33 haproxy[1363592]: 35.245.106.195:54578 [1
...
show less
Hacking
Bad Web Bot
Web App Attack
๐ฉ๐ช
todix
2026-07-18 08:46:23
(1 day ago)
Web App Attack Exploid from 35.245.106.195
Web App Attack
๐ณ๐ฑ
WeCloudit-Anti-Abuse
2026-07-18 08:42:27
(1 day ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
๐จ๐ญ
zynex
2026-07-18 08:41:35
(1 day ago)
URL Probing: /wp-includes/id3/license.txt/wp1/wp-includes/wlwmanifest.xml
Web App Attack
๐ฎ๐น
VHosting
2026-07-18 08:40:04
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ฎ๐ฑ
Dolphi
2026-07-18 08:40:02
(1 day ago)
POST //xmlrpc.php
Brute-Force
Web App Attack