๐ซ๐ท
tecnicorioja
2026-07-02 22:00:14
(17 hours ago)
POST /xmlrpc.php [02/Jul/2026:03:27:21
Brute-Force
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-07-02 21:32:03
(17 hours ago)
Wordfence waf block on parsol
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 21:27:04
(17 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 17:26:57.271549 2026] [security2:error] [pid 15931:tid 15931] [client 52.161.201.80:3593] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bikiniwatersports.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bikiniwatersports.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbXodtvJitPPrmqsaJ8MwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-07-02 21:26:16
(17 hours ago)
Probing websites for vulnerabilities
Web App Attack
SQL Injection
๐ธ๐ช
vaia.cloud
2026-07-02 21:09:02
(17 hours ago)
trying wp-login.php/xmlrpc.php 34 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
ambor
2026-07-02 21:08:53
(17 hours ago)
Honeypot triggered: /wp-json/wp/v2/users/ on ifebridge.com. User-Agent: Mozilla/5.0 (Macintosh; Inte ...
show more
Honeypot triggered: /wp-json/wp/v2/users/ on ifebridge.com. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36. Method: GET
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 20:43:23
(18 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 16:43:16.766756 2026] [security2:error] [pid 10292:tid 10397] [client 52.161.201.80:4547] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||usu.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "usu.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbNZMP9GspyRDjAfSDnbwAAARE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-02 20:29:02
(18 hours ago)
trying wp-login.php/xmlrpc.php 35 times in 1 minutes
Brute-Force
Web App Attack
๐ง๐ช
brechtr
2026-07-02 20:15:22
(18 hours ago)
[Press84-BanHammer] bad username โ Sourced from: brechtryckaert.com โ Request: POST /xmlrpc.php
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-02 20:12:51
(18 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 16:12:44.263428 2026] [security2:error] [pid 26003:tid 26003] [client 52.161.201.80:4475] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||takemehomedogrescue.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "takemehomedogrescue.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbGPCsYTmXGi407azXdwAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 19:57:33
(19 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 15:57:29.498557 2026] [security2:error] [pid 23143:tid 23143] [client 52.161.201.80:4647] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dragonflytunes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dragonflytunes.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbCqbApYwkY5Bi_fXJZxAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
maxpower
2026-07-02 19:34:40
(19 hours ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 52.161.201.80 (US/United States/-): 3 in the l ...
show more
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 52.161.201.80 (US/United States/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 52.161.201.80 - - [02/Jul/2026:21:26:33 +0200] "GET /wp-json/wp/v2/users/ HTTP/1.1" 200 655 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=squalettiacademy.it
52.161.201.80 - - [02/Jul/2026:21:26:34 +0200] "POST /xmlrpc.php HTTP/1.1" 404 4446 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=squalettiacademy.it
52.161.201.80 - - [02/Jul/2026:21:34:35 +0200] "GET /wp-json/wp/v2/users/ HTTP/1.1" 200 592 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/109.0.0.0" "-" host=popica.it
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-02 19:31:24
(19 hours ago)
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.201.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 15:31:20.773413 2026] [security2:error] [pid 21156:tid 21156] [client 52.161.201.80:3642] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||collectivedzgn.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "collectivedzgn.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aka8iFuMGd1rQFo95H0LfgAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-02 19:27:24
(19 hours ago)
52.161.201.80 - - [02/Jul/2026:21:27:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 870 "-" "Mozilla/5.0 ...
show more
52.161.201.80 - - [02/Jul/2026:21:27:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 870 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
52.161.201.80 - - [02/Jul/2026:21:27:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 656 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
52.161.201.80 - - [02/Jul/2026:21:27:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.161.201.80 - - [02/Jul/2026:21:27:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.161.201.80 - - [02/Jul/2026:21:27:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-07-02 19:26:10
(19 hours ago)
Attac
Brute-Force