๐ฉ๐ช
4server
2026-06-28 14:01:23
(1 week ago)
[SunJun2816:01:20.8595112026][security2:error][pid1732130:tid1732257][client5.151.177.149:0]ModSecur ...
show more
[SunJun2816:01:20.8595112026][security2:error][pid1732130:tid1732257][client5.151.177.149:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"special-home.ch\"][uri\"/xmlrpc.php\"][unique_id\"akEpMMIQV-VQjB1SNh-9WwAAAQw\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-12 18:50:06
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.151.177.149 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 5.151.177.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 14:49:59.063251 2026] [security2:error] [pid 25869:tid 25869] [client 5.151.177.149:55235] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ashleycroft.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ashleycroft.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aixU153Cm_jg7eX0FrJ2ygAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-11 22:30:03
(3 weeks ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
Anonymous
2026-06-02 21:34:02
(1 month ago)
[redacted] 5.151.177.149 - - [02/Jun/2026:23:33:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "M ...
show more
[redacted] 5.151.177.149 - - [02/Jun/2026:23:33:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/86.0.0.0 Safari/537.36"
[redacted] 5.151.177.149 - - [02/Jun/2026:23:33:23 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/78.0.0.0 Safari/537.36"
[redacted] 5.151.177.149 - - [02/Jun/2026:23:33:36 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/92.0.0.0 Safari/537.36"
[redacted] 5.151.177.149 - - [02/Jun/2026:23:33:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/78.0.0.0 Safari/537.36"
[redacted] 5.151.177.149 - - [02/Jun/2026:23:34:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows N
...
show less
Hacking
Web App Attack
๐ฉ๐ช
findlab
2026-05-29 09:00:02
(1 month ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-05-28 22:00:07
(1 month ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-05-26 17:12:46
(1 month ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ฉ๐ช
LRob
2026-05-24 22:30:03
(1 month ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-22 15:51:17
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.151.177.149 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 5.151.177.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 11:51:11.772787 2026] [security2:error] [pid 31304:tid 31304] [client 5.151.177.149:54876] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||billwegener.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "billwegener.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ahB7b3XBcm3-bgqEeeUn6AAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Tripwire
2026-05-02 13:07:18
(2 months ago)
Probing for Wordpress - /xmlrpc.php
Brute-Force
Web App Attack
๐ฉ๐ช
4server
2026-05-02 12:31:01
(2 months ago)
[SatMay0214:30:56.6111002026][security2:error][pid1739402:tid1739589][client5.151.177.149:0]ModSecur ...
show more
[SatMay0214:30:56.6111002026][security2:error][pid1739402:tid1739589][client5.151.177.149:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"scuolaviva.ch\"][uri\"/xmlrpc.php\"][unique_id\"afXugDRQvtxNLQO_FBW6wQAAAJg\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-04-29 08:19:09
(2 months ago)
5.151.177.149 - [29/Apr/2026:11:16:31 +0300] "POST /xmlrpc.php HTTP/1.1" 404 67340 "-" "Mozilla/5.0 ...
show more
5.151.177.149 - [29/Apr/2026:11:16:31 +0300] "POST /xmlrpc.php HTTP/1.1" 404 67340 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/65.0.0.0 Safari/537.36" "-"
5.151.177.149 - [29/Apr/2026:11:19:09 +0300] "POST /xmlrpc.php HTTP/1.1" 403 1770 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "-"
...
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
Penny Packer
2026-04-28 22:19:26
(2 months ago)
Fail2Ban apache-tripwires
Web App Attack
๐ซ๐ฎ
6kilowatti
2026-04-27 21:30:31
(2 months ago)
5.151.177.149 - - [28/Apr/2026:00:30:30 +0300] "POST /xmlrpc.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 ( ...
show more
5.151.177.149 - - [28/Apr/2026:00:30:30 +0300] "POST /xmlrpc.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36"
5.151.177.149 - [28/Apr/2026:00:30:30 +0300] "POST /xmlrpc.php HTTP/1.1" 404 2048 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
Trueforce Threat Report
2026-04-27 19:34:16
(2 months ago)
Automated report, trolling for resource vulnerabilities
Bad Web Bot
Web App Attack