๐น๐ผ
ip4.tw
2026-06-29 21:17:01
(41 minutes ago)
Malicious web scan
Hacking
Web App Attack
๐ธ๐ช
vaia.cloud
2026-06-29 21:03:02
(55 minutes ago)
trying wp-login.php/xmlrpc.php 44 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 16:05:18
(5 hours ago)
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 12:05:10.660158 2026] [security2:error] [pid 25536:tid 25536] [client 94.54.48.63:30399] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bostonmarathonstories.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bostonmarathonstories.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akKXtu-O9jjGUhaQr_XtpQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
findlab
2026-06-29 04:00:01
(17 hours ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-29 03:08:52
(18 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฉ๐ช
LRob.fr
2026-06-29 02:00:22
(19 hours ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
Anonymous
2026-06-28 21:01:13
(1 day ago)
[redacted] 94.54.48.63 - - [28/Jun/2026:23:00:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Moz ...
show more
[redacted] 94.54.48.63 - - [28/Jun/2026:23:00:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/98.0.0.0 Safari/537.36"
[redacted] 94.54.48.63 - - [28/Jun/2026:23:00:42 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36"
[redacted] 94.54.48.63 - - [28/Jun/2026:23:00:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/91.0.0.0 Safari/537.36"
[redacted] 94.54.48.63 - - [28/Jun/2026:23:01:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36"
[redacted] 94.54.48.63 - - [28/Jun/2026:23:01:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/5
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 18:37:18
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 14:37:12.529451 2026] [security2:error] [pid 12901:tid 12901] [client 94.54.48.63:31050] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||aandbnaturalfoods.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "aandbnaturalfoods.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akFp2LgkJqLFNduIJpKstgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-06-28 03:42:13
(1 day ago)
Web attack/malicious scanning detected
Web App Attack
๐ซ๐ท
dynamix
2026-06-27 21:40:48
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 19:38:36
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:38:31.222292 2026] [security2:error] [pid 7429:tid 7429] [client 94.54.48.63:32352] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||97films.media|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "97films.media"] [uri "/wp-json/wp/v2/users"] [unique_id "akAmt6fKAff9mgzTQ48FRgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
WeekendWeb
2026-06-27 12:28:07
(2 days ago)
Wordpress Vunerability attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 05:04:15
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 01:04:07.738518 2026] [security2:error] [pid 14601:tid 14601] [client 94.54.48.63:32939] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||enriquejezik.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "enriquejezik.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aj9ZxwXQM4yIn4n6gPkdzQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2026-06-27 04:00:16
(2 days ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-26 17:12:58
(3 days ago)
[FriJun2619:12:55.9029432026][security2:error][pid2950631:tid2950674][client94.54.48.63:0]ModSecurit ...
show more
[FriJun2619:12:55.9029432026][security2:error][pid2950631:tid2950674][client94.54.48.63:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"solaristech.ch\"][uri\"/xmlrpc.php\"][unique_id\"aj6zF4gpCclxSNIq5ySZugAAAIg\"]
show less
Port Scan
Brute-Force
Web App Attack