๐ง๐ช
cmbplf
2026-07-08 09:34:02
(1 day ago)
5.281 requests with url.path //xmlrpc.php
1.945 requests with url.path */wp-includes/wlwmanifest.x ...
show more
5.281 requests with url.path //xmlrpc.php
1.945 requests with url.path */wp-includes/wlwmanifest.xml
show less
Brute-Force
Bad Web Bot
๐บ๐ธ
mnsf
2026-07-08 07:05:07
(1 day ago)
Too many Status 40X (12)
Brute-Force
Web App Attack
๐ฉ๐ช
grassau.com
2026-07-08 06:54:25
(1 day ago)
(wordpress) Failed wordpress login from 35.252.182.36 (US/United States/Oregon/The Dalles/36.182.252 ...
show more
(wordpress) Failed wordpress login from 35.252.182.36 (US/United States/Oregon/The Dalles/36.182.252.35.bc.googleusercontent.com)
show less
Brute-Force
๐บ๐ฆ
URAN Publishing Service
2026-07-08 06:52:31
(1 day ago)
35.252.182.36 - - [08/Jul/2026:09:52:30 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 " ...
show more
35.252.182.36 - - [08/Jul/2026:09:52:30 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.182.36 - - [08/Jul/2026:09:52:31 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 06:50:57
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 35.252.182.36 (36.182.252.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.252.182.36 (36.182.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 02:50:52.618261 2026] [security2:error] [pid 19947:tid 19947] [client 35.252.182.36:54514] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||chickiesbeef.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chickiesbeef.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak3zTCIFzHABgGCIuRsfxAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Savvii
2026-07-08 06:45:58
(1 day ago)
15 attempts against mh-modsecurity-ban on chard
Brute-Force
Web App Attack
Anonymous
2026-07-08 06:45:04
(1 day ago)
35.252.182.36 - - [08/Jul/2026:08:45:03 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 15025 ...
show more
35.252.182.36 - - [08/Jul/2026:08:45:03 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 15025 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.182.36 - - [08/Jul/2026:08:45:03 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 15025 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.182.36 - - [08/Jul/2026:08:45:03 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 15025 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.182.36 - - [08/Jul/2026:08:45:04 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 15025 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.252.182.36 - - [08/Jul/2026:08:45:04 +0200] "GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
mnsf
2026-07-06 15:05:21
(3 days ago)
Abuse Detected (17)
Brute-Force
Web App Attack
๐ซ๐ท
masterguru
2026-07-06 14:07:37
(3 days ago)
WordPress: User enumeration. Pattern match "(author\\\\= (88030-193)
Hacking
๐ท๐ด
ICT
2026-07-06 14:01:13
(3 days ago)
Jul 6 17:01:10 wordpress wordpress(acad-icht.tm.edu.ro)[25501]: XML-RPC authentication attempt for ...
show more
Jul 6 17:01:10 wordpress wordpress(acad-icht.tm.edu.ro)[25501]: XML-RPC authentication attempt for unknown user admin from 35.252.182.36
Jul 6 17:01:12 wordpress wordpress(acad-icht.tm.edu.ro)[25552]: XML-RPC authentication attempt for unknown user admin from 35.252.182.36
Jul 6 17:01:12 wordpress wordpress(acad-icht.tm.edu.ro)[25570]: XML-RPC authentication attempt for unknown user admin from 35.252.182.36
...
show less
Brute-Force
Web App Attack
๐ฎ๐น
VHosting
2026-07-06 14:00:07
(3 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 13:57:58
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 35.252.182.36 (36.182.252.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.252.182.36 (36.182.252.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 09:57:53.319168 2026] [security2:error] [pid 17736:tid 17736] [client 35.252.182.36:58587] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||capitalcitysoul.com.calvaryshreveport.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "capitalcitysoul.com.calvaryshreveport.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "aku0YSl1VlFlcGhqJBgMVQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Rip
2026-07-06 13:55:24
(3 days ago)
WordPress fingerprinting and attack surface probing
Port Scan
Web App Attack
๐บ๐ธ
Victor Lรณpez
2026-07-06 13:54:59
(3 days ago)
buscaempresas.co 35.252.182.36 - - [06/Jul/2026:08:54:57 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 200 ...
show more
buscaempresas.co 35.252.182.36 - - [06/Jul/2026:08:54:57 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 200 3246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
buscaempresas.co 35.252.182.36 - - [06/Jul/2026:08:54:58 -0500] "GET //?author=1 HTTP/1.1" 404 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
buscaempresas.co 35.252.182.36 - - [06/Jul/2026:08:54:59 -0500] "GET //?author=2 HTTP/1.1" 404 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
...
show less
Hacking
Web App Attack
๐ท๐บ
DZBOT
2026-07-06 13:19:38
(3 days ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack