๐ง๐ท
ICS Labs
2026-07-10 18:37:52
(1 day ago)
ICS Labs identified 84.73.126.131 as a malicious indicator from threat intelligence.
DDoS Attack
Port Scan
Hacking
Brute-Force
Exploited Host
๐บ๐ธ
octageeks.com
2026-05-07 04:06:05
(2 months ago)
Wordpress malicious attack:[octaxmlrpc]
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-05-06 22:40:11
(2 months ago)
Brute-Force
Web App Attack
๐ฉ๐ช
LRob
2026-05-06 10:30:07
(2 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ฌ๐ง
andypiper
2026-05-06 01:00:32
(2 months ago)
CrowdSec ban for AbuseIPDB Top List
Brute-Force
Web App Attack
Anonymous
2026-05-05 21:26:06
(2 months ago)
host-ipset-guard auto-report; server=ns41.kdns.gr; rule=httpd-xmlrpc-post; count=9/9; duration=72h; ...
show more
host-ipset-guard auto-report; server=ns41.kdns.gr; rule=httpd-xmlrpc-post; count=9/9; duration=72h; scope=ns41.kdns.gr; country=CH; sites=medisto.gr; samples=/xmlrpc.php
show less
Hacking
Web App Attack
๐ซ๐ฎ
Erpelstolz
2026-05-05 15:55:32
(2 months ago)
external host: 84.73.126.131 - - [05/May/2026:17:55:30 +0200] "POST /xmlrpc.php HTTP/1.1" 404 9711 " ...
show more
external host: 84.73.126.131 - - [05/May/2026:17:55:30 +0200] "POST /xmlrpc.php HTTP/1.1" 404 9711 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/70.0.0.0 Safari/537.36"
show less
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-05-05 12:54:52
(2 months ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-05 03:52:41
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 84.73.126.131 (84-73-126-131.dclient.hispeed.ch ...
show more
(mod_security) mod_security (id:225170) triggered by 84.73.126.131 (84-73-126-131.dclient.hispeed.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 23:52:34.346819 2026] [security2:error] [pid 23957:tid 23957] [client 84.73.126.131:64041] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||nekstlevel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nekstlevel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aflpghdnfc4AAfka72193AAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
sefinek.net
2026-05-05 03:45:56
(2 months ago)
Triggered Cloudflare WAF (firewallCustom) from CH.
Action: MANAGED_CHALLENGE | Protocol: HTTP/1.1 (P ...
show more
Triggered Cloudflare WAF (firewallCustom) from CH.
Action: MANAGED_CHALLENGE | Protocol: HTTP/1.1 (POST) | Endpoint: /xmlrpc.php | UA: Mozilla/5.0 (Linux; Android 10; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/86.0.0.0 Safari/537.36 โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-05-04 23:10:39
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 84.73.126.131 (84-73-126-131.dclient.hispeed.ch ...
show more
(mod_security) mod_security (id:225170) triggered by 84.73.126.131 (84-73-126-131.dclient.hispeed.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 19:10:31.698786 2026] [security2:error] [pid 1449:tid 1449] [client 84.73.126.131:61796] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||incrp.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "incrp.org"] [uri "/wp-json/wp/v2/users"] [unique_id "afknZxa26n65N-f8yvsxfgAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-05-04 18:46:13
(2 months ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-05-04 16:40:33
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 84.73.126.131 (84-73-126-131.dclient.hispeed.ch ...
show more
(mod_security) mod_security (id:225170) triggered by 84.73.126.131 (84-73-126-131.dclient.hispeed.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 12:40:20.871398 2026] [security2:error] [pid 29424:tid 29424] [client 84.73.126.131:49672] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bennoyes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bennoyes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afjL9AV49hb1OhQX1Ia5_wAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-05-04 10:15:04
(2 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ฉ๐ช
stinpriza
2026-05-04 04:30:49
(2 months ago)
Web App Attack
Web App Attack