๐ต๐พ
SecOpsSL
2026-06-26 22:39:51
(2 weeks ago)
66.228.48.175 - - [26/Jun/2026:19:39:51 -0300] "POST /xmlrpc.php HTTP/1.1" 403 277 "-" "Mozilla/5.0 ...
show more
66.228.48.175 - - [26/Jun/2026:19:39:51 -0300] "POST /xmlrpc.php HTTP/1.1" 403 277 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
show less
Brute-Force
Web App Attack
Anonymous
2026-06-25 10:50:09
(2 weeks ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Web App Attack
Brute-Force
Bad Web Bot
๐ง๐พ
lns.bz
2026-06-25 05:35:42
(2 weeks ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-23 12:06:30
(2 weeks ago)
(modsecurity) srv101 ModSecurity 66.228.48.175 (US/United States/ip-66-228-48-175.cloudezapp.io): 10 ...
show more
(modsecurity) srv101 ModSecurity 66.228.48.175 (US/United States/ip-66-228-48-175.cloudezapp.io): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 11:05:44
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): ...
show more
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 07:05:37.854694 2026] [security2:error] [pid 742:tid 742] [client 66.228.48.175:38574] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.fundaciondamashcc.org.ec|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.fundaciondamashcc.org.ec"] [uri "/wp-json/wp/v2/users"] [unique_id "ajpogQZK9tSlAKEIeRkq3AAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-23 11:05:35
(2 weeks ago)
[ns41.kdns.gr] httpd-suspicious-path: sites=apnoia.gr; logs=/var/log/httpd/domains/apnoia.gr.log; sa ...
show more
[ns41.kdns.gr] httpd-suspicious-path: sites=apnoia.gr; logs=/var/log/httpd/domains/apnoia.gr.log; samples=/wp-json/wp/v2/users | /?author=1 | /?author=2
show less
Hacking
Web App Attack
๐บ๐ธ
kosada.com
2026-06-23 09:09:01
(2 weeks ago)
Web password guessing
Brute-Force
Anonymous
2026-06-23 06:40:51
(2 weeks ago)
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "M ...
show more
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0"
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0"
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0"
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
[redacted] 66.228.48.175 - - [23/Jun/2026:08:40:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Window
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-23 05:26:48
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): ...
show more
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 01:26:41.736462 2026] [security2:error] [pid 2761:tid 2769] [client 66.228.48.175:37860] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sandiegosamband.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sandiegosamband.com"] [uri "/WPpage/wp-json/wp/v2/users"] [unique_id "ajoZERJe1op8x4Z-2fLyYAAAAEU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-22 06:25:03
(2 weeks ago)
[redacted] 66.228.48.175 - - [22/Jun/2026:08:25:01 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "M ...
show more
[redacted] 66.228.48.175 - - [22/Jun/2026:08:25:01 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[redacted] 66.228.48.175 - - [22/Jun/2026:08:25:01 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"
[redacted] 66.228.48.175 - - [22/Jun/2026:08:25:01 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0"
[redacted] 66.228.48.175 - - [22/Jun/2026:08:25:02 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
[redacted] 66.228.48.175 - - [22/Jun/2026:08:25:02 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 19:01:13
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): ...
show more
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 15:01:06.897586 2026] [security2:error] [pid 1577:tid 1577] [client 66.228.48.175:53330] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||doublenaughtspycar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "doublenaughtspycar.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajbjcg62nBv39_EfBANLUAAAADg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-20 09:21:21
(3 weeks ago)
Multiple web server 400 error codes from same source ip
Web App Attack
๐บ๐ธ
Jason Howell
2026-06-19 21:19:38
(3 weeks ago)
66.228.48.175 - - [19/Jun/2026:16:19:37 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2990 "-" "Mozilla/5.0 ...
show more
66.228.48.175 - - [19/Jun/2026:16:19:37 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2990 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
66.228.48.175 - - [19/Jun/2026:16:19:37 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2988 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0"
66.228.48.175 - - [19/Jun/2026:16:19:37 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2990 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
66.228.48.175 - - [19/Jun/2026:16:19:37 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2990 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0"
66.228.48.175 - - [19/Jun/2026:16:19:37 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 12:16:04
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): ...
show more
(mod_security) mod_security (id:225170) triggered by 66.228.48.175 (ip-66-228-48-175.cloudezapp.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 08:15:58.731738 2026] [security2:error] [pid 13650:tid 13650] [client 66.228.48.175:42692] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.justicehoward.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.justicehoward.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajUy_t6e_6nXC3tXh1NTaQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
NotCool
2026-06-18 19:04:29
(3 weeks ago)
[7200] (XMLRPC,WPLOGIN) Login failure/trigger from 66.228.48.175 (US/United States/ip-66-228-48-175. ...
show more
[7200] (XMLRPC,WPLOGIN) Login failure/trigger from 66.228.48.175 (US/United States/ip-66-228-48-175.cloudezapp.io): 50 in the last 3600 secs
show less
Brute-Force