πΊπΈ
TPI-Abuse
2026-04-16 11:54:52
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.60.252.133 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 50.60.252.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 16 07:54:49.069282 2026] [security2:error] [pid 2765133:tid 2765133] [client 50.60.252.133:56042] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gacstoday.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gacstoday.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeDOCdcE03n3HGHGofaxUAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
wlt-blocker
2026-04-16 08:28:43
(2 months ago)
Unauthorized access to webpage admin
Web App Attack
π¨π
4server
2026-04-16 08:03:14
(2 months ago)
[ThuApr1610:03:11.9389822026][security2:error][pid17913:tid18074][client50.60.252.133:0]ModSecurity: ...
show more
[ThuApr1610:03:11.9389822026][security2:error][pid17913:tid18074][client50.60.252.133:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"distributori-automatici-ticino.ch\"][uri\"/xmlrpc.php\"][unique_id\"aeCXv0GzYLDVb7Cush3f0QAAANA\"]
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-16 02:01:32
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.60.252.133 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 50.60.252.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 22:01:27.625615 2026] [security2:error] [pid 2231463:tid 2231528] [client 50.60.252.133:33813] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||willmanlawfirm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "willmanlawfirm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeBC9-ltGKLlA5arkJhewAAAAUY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-15 22:20:56
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.60.252.133 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 50.60.252.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 18:20:51.186748 2026] [security2:error] [pid 3236045:tid 3236045] [client 50.60.252.133:53008] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||staben.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "staben.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeAPQ8Tq3KHRt6ksi0QE4AAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-04-15 11:33:16
(2 months ago)
50.60.252.133 - - [15/Apr/2026:12:29:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
50.60.252.133 - - ...
show more
50.60.252.133 - - [15/Apr/2026:12:29:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
50.60.252.133 - - [15/Apr/2026:13:33:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428
...
show less
Brute-Force
Bad Web Bot
πΊπΈ
Jason Howell
2026-04-15 08:45:51
(2 months ago)
50.60.252.133 - - [15/Apr/2026:03:09:21 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3218 "-" "Mozilla/5.0 ...
show more
50.60.252.133 - - [15/Apr/2026:03:09:21 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3218 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/80.0.0.0 Safari/537.36"
50.60.252.133 - - [15/Apr/2026:03:42:31 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3220 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/64.0.0.0 Safari/537.36"
50.60.252.133 - - [15/Apr/2026:03:43:42 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3220 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/11.0.0.0 Safari/537.36"
50.60.252.133 - - [15/Apr/2026:03:44:34 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3220 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/73.0.0.0 Safari/537.36"
50.60.252.133 - - [15/Apr/2026:03:45:50 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3220 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/11.0.0.0
...
show less
Web App Attack
π©πͺ
big-cloud.nl
2026-04-15 07:13:51
(2 months ago)
Try to access /xmlrpc.php
Web App Attack
πΊπΈ
myagent.site
2026-04-14 12:06:56
(2 months ago)
Blocking for trying to access an exploit file: /xmlrpc.php
Hacking