๐ง๐ช
cmbplf
2026-07-10 16:29:12
(5 days ago)
9.741 requests with url.path */xmlrpc.php
9.500 requests with url.path //xmlrpc.php
757 requests ...
show more
9.741 requests with url.path */xmlrpc.php
9.500 requests with url.path //xmlrpc.php
757 requests with url.path */wp-includes/wlwmanifest.xml
show less
Brute-Force
Bad Web Bot
๐ณ๐ฑ
tmiland
2026-07-10 14:49:34
(5 days ago)
(wordpress_xmlrpc) WordPress XMLPRC Attack 35.252.115.91 (US/United States/91.115.252.35.bc.googleus ...
show more
(wordpress_xmlrpc) WordPress XMLPRC Attack 35.252.115.91 (US/United States/91.115.252.35.bc.googleusercontent.com): 3 in the last 3600 secs; IP: 35.252.115.91; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 35.252.115.91 - - [10/Jul/2026:16:49:31 +0200] "POST //xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 35.252.115.91 - - [10/Jul/2026:16:49:31 +0200] "POST //xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 35.252.115.91 - - [10/Jul/2026:16:49:32 +0200] "POST //xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Brute-Force
๐ซ๐ท
dwmp
2026-07-10 14:48:48
(5 days ago)
Url probing: /feed/
Web App Attack
๐ซ๐ท
masterguru
2026-07-10 14:43:37
(5 days ago)
(xmlrpc) Apache: Failed xmlrpc access from 35.252.115.91 (US/United States/91.115.252.35.bc.googleus ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 35.252.115.91 (US/United States/91.115.252.35.bc.googleusercontent.com): 10 in the last 3600 secs (0-180)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-10 14:37:22
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 35.252.115.91 (91.115.252.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.252.115.91 (91.115.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 10:37:18.152302 2026] [security2:error] [pid 2697:tid 2697] [client 35.252.115.91:58052] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thesalonx.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thesalonx.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alEDnvylo07XFwbfIJSU3QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Lee Daniel
2026-07-10 14:27:48
(5 days ago)
35.252.115.91 - - [10/Jul/2026:10:27:45 -0400] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1 ...
show more
35.252.115.91 - - [10/Jul/2026:10:27:45 -0400] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 25705 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.115.91 - - [10/Jul/2026:10:27:46 -0400] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 25656 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.115.91 - - [10/Jul/2026:10:27:46 -0400] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1" 404 25661 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.115.91 - - [10/Jul/2026:10:27:46 -0400] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404 25661 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.115.91 - - [10/Jul/2026:10:27:47 -0400] "GET //2021/wp-includes/wlwmanifest.xm
...
show less
DDoS Attack
Web Spam
Email Spam
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
mondor.ro
2026-07-10 14:22:55
(5 days ago)
Cluster member 148.251.176.225 (DE/Germany/antares.webyouridea.ro) said, DENY 35.252.115.91, Reason: ...
show more
Cluster member 148.251.176.225 (DE/Germany/antares.webyouridea.ro) said, DENY 35.252.115.91, Reason:[(manifest) WordPress wlwmanifest.xml Attack 35.252.115.91 (US/United States/91.115.252.35.bc.googleusercontent.com): 10 in the last 3600 secs]; Ports: *; Direction: inout; Trigger: LF_CLUSTER; Logs:
show less
Port Scan
๐ณ๐ฑ
thedreamer.nl
2026-07-10 14:20:51
(5 days ago)
35.252.115.91 - - [10/Jul/2026:16:20:31 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 200 2213 ...
show more
35.252.115.91 - - [10/Jul/2026:16:20:31 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "US" "The Dalles" "45.59990" "-121.18710"
35.252.115.91 - - [10/Jul/2026:16:20:32 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "US" "The Dalles" "45.59990" "-121.18710"
35.252.115.91 - - [10/Jul/2026:16:20:32 +0200] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "US" "The Dalles" "45.59990" "-121.18710"
35.252.115.91 - - [10/Jul/2026:16:20:32 +0200] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Ch
...
show less
Hacking
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-10 14:20:46
(5 days ago)
(wordpress) Failed wordpress login from 35.252.115.91 (US/United States/91.115.252.35.bc.googleuserc ...
show more
(wordpress) Failed wordpress login from 35.252.115.91 (US/United States/91.115.252.35.bc.googleusercontent.com)
show less
Brute-Force
๐ฉ๐ช
thesimonmanuel
2026-07-10 14:19:29
(5 days ago)
35.252.115.91 - - [10/Jul/2026:19:49:28 +0530] "GET //wp-includes/ID3/license.txt HTTP/1.1" 200 1396 ...
show more
35.252.115.91 - - [10/Jul/2026:19:49:28 +0530] "GET //wp-includes/ID3/license.txt HTTP/1.1" 200 1396 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-"
show less
Web App Attack
๐ณ๐ฟ
Antinson
2026-07-10 14:16:32
(5 days ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ณ๐ฑ
Site.eu
2026-07-10 14:15:38
(5 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
LRob
2026-07-10 14:14:16
(5 days ago)
CrowdSec: crowdsecurity/http-probing | req: ["//wp-includes/ID3/license.txt","//feed/","//xmlrpc.php ...
show more
CrowdSec: crowdsecurity/http-probing | req: ["//wp-includes/ID3/license.txt","//feed/","//xmlrpc.php?rsd","//blog/wp-includes/wlwmanifest.xml","//web/wp-includes/wlwmanifest.xml","//wordpress/wp-includes/wlwmanifest.xml","//wp/wp-includes/wlwmanifest.xml","//2020/wp-includes/wlwmanifest.xml"," | UA: ["-","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"]
show less
Port Scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 14:07:18
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 35.252.115.91 (91.115.252.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.252.115.91 (91.115.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 10:07:14.479921 2026] [security2:error] [pid 10396:tid 10396] [client 35.252.115.91:49385] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||test.kbalan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "test.kbalan.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alD8ksAcKI_SZYtsOH-dDAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-07-10 14:05:32
(5 days ago)
Abuse Detected (11)
Brute-Force
Web App Attack