๐บ๐ธ
nyt
2026-07-07 12:07:37
(31 seconds ago)
Repeated WordPress login POSTs blocked by WAF (3 in 6h)
Brute-Force
Web App Attack
๐บ๐ธ
TAY
2026-07-07 12:00:52
(7 minutes ago)
52.30.228.109 - - [07/Jul/2026:19:55:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 ...
show more
52.30.228.109 - - [07/Jul/2026:19:55:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
52.30.228.109 - - [07/Jul/2026:19:55:47 +0800] "POST /wp-login.php HTTP/1.1" 200 2677 "https://www.littleprairie.com.my/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
52.30.228.109 - - [07/Jul/2026:20:00:52 +0800] "POST /wp-login.php HTTP/1.1" 200 2675 "https://mail.littleprairie.com.my/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
...
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-07 11:53:31
(14 minutes ago)
(mod_security) mod_security (id:225170) triggered by 52.30.228.109 (ec2-52-30-228-109.eu-west-1.comp ...
show more
(mod_security) mod_security (id:225170) triggered by 52.30.228.109 (ec2-52-30-228-109.eu-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 07:53:28.026624 2026] [security2:error] [pid 24335:tid 24335] [client 52.30.228.109:57942] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cosplayculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cosplayculture.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akzouLpTIZQj9LzPZuTZ9AAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
nyt
2026-07-07 11:48:06
(20 minutes ago)
XMLRPC Attack, 503 status indicates server issue, not normal behavior, WP login POST blocked by WAF
Brute-Force
Web App Attack
Anonymous
2026-07-07 11:46:03
(22 minutes ago)
Failed Wordpress Logins
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-07 11:45:29
(22 minutes ago)
(PERMBLOCK) 52.30.228.109 (IE/Ireland/ec2-52-30-228-109.eu-west-1.compute.amazonaws.com) has had mor ...
show more
(PERMBLOCK) 52.30.228.109 (IE/Ireland/ec2-52-30-228-109.eu-west-1.compute.amazonaws.com) has had more than 4 temp blocks
show less
Hacking
๐ฉ๐ช
neckaralb-admin.de
2026-07-07 11:43:05
(25 minutes ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
Anonymous
2026-07-07 11:08:58
(59 minutes ago)
WordPress Brute Force
Brute-Force
Anonymous
2026-07-07 11:06:38
(1 hour ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 11:04:47
(1 hour ago)
(mod_security) mod_security (id:225170) triggered by 52.30.228.109 (ec2-52-30-228-109.eu-west-1.comp ...
show more
(mod_security) mod_security (id:225170) triggered by 52.30.228.109 (ec2-52-30-228-109.eu-west-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 07:04:41.352471 2026] [security2:error] [pid 24546:tid 24546] [client 52.30.228.109:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||southernbroadcast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "southernbroadcast.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akzdSXv5OKiXZ3HJj7vZgAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Tilellit.PRO
2026-07-07 11:02:49
(1 hour ago)
WP Armour Plugin detection
Web Spam
Brute-Force
๐ฒ๐น
Malta
2026-07-07 10:58:52
(1 hour ago)
52.30.228.109 - - [07/Jul/2026:12:58:52 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh ...
show more
52.30.228.109 - - [07/Jul/2026:12:58:52 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
๐บ๐ธ
TAY
2026-07-07 10:50:39
(1 hour ago)
52.30.228.109 - - [07/Jul/2026:18:47:01 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6263 "-" "Mozilla/5.0 ...
show more
52.30.228.109 - - [07/Jul/2026:18:47:01 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6263 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
52.30.228.109 - - [07/Jul/2026:18:49:17 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6263 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
52.30.228.109 - - [07/Jul/2026:18:50:39 +0800] "POST /wp-login.php HTTP/1.1" 200 2677 "https://www.littleprairie.com.my/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_7_10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Brute-Force
๐จ๐ฟ
ptlab
2026-07-07 10:45:09
(1 hour ago)
Detected wp_login attack from WP-host.
Hacking
Web App Attack
๐ฉ๐ช
london2038.com
2026-07-07 10:37:44
(1 hour ago)
Attacking WordPress
52.30.228.109 - - [07/Jul/2026:12:37:42 +0200] "POST /xmlrpc.php HTTP/2.0" 503 1 ...
show more
Attacking WordPress
52.30.228.109 - - [07/Jul/2026:12:37:42 +0200] "POST /xmlrpc.php HTTP/2.0" 503 18945 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
show less
Brute-Force
Web App Attack