๐ณ๐ฑ
Site.eu
2026-07-14 03:07:17
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-14 01:10:15
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 97.102.160.39 (syn-097-102-160-039.res.spectrum ...
show more
(mod_security) mod_security (id:225170) triggered by 97.102.160.39 (syn-097-102-160-039.res.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 21:10:09.048989 2026] [security2:error] [pid 25890:tid 25890] [client 97.102.160.39:49867] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||high5-vr.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "high5-vr.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alWMceMIr_CUDLNBop0cPAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-14 00:01:58
(2 days ago)
Web attack/malicious scanning detected
Web App Attack
๐ซ๐ฎ
stinpriza
2026-07-13 23:58:19
(2 days ago)
Web App Attack
Web App Attack
๐บ๐ธ
Penny Packer
2026-07-13 23:32:51
(2 days ago)
Fail2Ban apache-tripwires
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 22:28:38
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 97.102.160.39 (syn-097-102-160-039.res.spectrum ...
show more
(mod_security) mod_security (id:225170) triggered by 97.102.160.39 (syn-097-102-160-039.res.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 18:28:33.790942 2026] [security2:error] [pid 28644:tid 28644] [client 97.102.160.39:63641] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||equipoperu.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "equipoperu.org"] [uri "/wp-json/wp/v2/users"] [unique_id "alVmkWv_Pj31va9WbDLXuQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ท
ICS Labs
2026-07-10 18:42:57
(5 days ago)
ICS Labs identified 97.102.160.39 as a malicious indicator from threat intelligence.
DDoS Attack
Port Scan
Hacking
Brute-Force
Exploited Host
๐ซ๐ท
LRob
2026-07-08 06:28:49
(1 week ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Mozilla/5.0 (Wind ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/86.0.0.0 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; x64) AppleW
show less
Brute-Force
Web App Attack
๐จ๐ญ
4server
2026-07-08 00:21:20
(1 week ago)
[WedJul0802:21:16.4232352026][security2:error][pid1970533:tid1970885][client97.102.160.39:0]ModSecur ...
show more
[WedJul0802:21:16.4232352026][security2:error][pid1970533:tid1970885][client97.102.160.39:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"aidweb.ch\"][uri\"/xmlrpc.php\"][unique_id\"ak2X_KNDc8tS_JHlpPCbsQAAAEQ\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 03:04:41
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 97.102.160.39 (syn-097-102-160-039.res.spectrum ...
show more
(mod_security) mod_security (id:225170) triggered by 97.102.160.39 (syn-097-102-160-039.res.spectrum.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 23:04:34.619706 2026] [security2:error] [pid 16462:tid 16462] [client 97.102.160.39:50702] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||robinsnestingplace.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "robinsnestingplace.net"] [uri "/wp-json/wp/v2/users"] [unique_id "akxswuQTO3HPZIjrfnpVngAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
alferez
2026-07-07 02:46:18
(1 week ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack
๐ฌ๐ง
pinguin
2026-07-07 01:38:06
(1 week ago)
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: LOG
Protocol: HTTP/1.1 (POST metho ...
show more
Triggered Cloudflare WAF (firewallManaged) from US.
Action taken: LOG
Protocol: HTTP/1.1 (POST method)
Endpoint: /xmlrpc.php
UA: Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/99.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
Tsumugi Kotobuki
2026-07-06 21:12:54
(1 week ago)
Web Scan (L7) | Paths: /xmlrpc.php | Codes: 444(1x) | UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x6 ...
show more
Web Scan (L7) | Paths: /xmlrpc.php | Codes: 444(1x) | UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/... | rDNS: syn-097-102-160-039.res.spectrum.com | F2B/angie-honeypot@2026-07-06T21:12:54Z
show less
Bad Web Bot
Web App Attack
Hacking
๐บ๐ธ
Jason Howell
2026-07-06 03:59:58
(1 week ago)
97.102.160.39 - - [05/Jul/2026:22:56:50 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4736 "-" "Mozilla/5.0 ...
show more
97.102.160.39 - - [05/Jul/2026:22:56:50 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4736 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/86.0.0.0 Safari/537.36"
97.102.160.39 - - [05/Jul/2026:22:58:54 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4735 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
97.102.160.39 - - [05/Jul/2026:22:59:15 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4734 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/89.0.0.0 Safari/537.36"
97.102.160.39 - - [05/Jul/2026:22:59:34 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4736 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/13.0.0.0 Safari/537.36"
97.102.160.39 - - [05/Jul/2026:22:59:58 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4736 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/79.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
4server
2026-07-01 09:34:11
(2 weeks ago)
[WedJul0111:34:07.2609222026][security2:error][pid1367206:tid1367352][client97.102.160.39:0]ModSecur ...
show more
[WedJul0111:34:07.2609222026][security2:error][pid1367206:tid1367352][client97.102.160.39:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"globalhorizon.ch\"][uri\"/xmlrpc.php\"][unique_id\"akTfDw8sXr3tnIWg7mhk3QAAARg\"]
show less
Port Scan
Brute-Force
Web App Attack