Anonymous
2026-06-26 05:01:05
(2 weeks ago)
<jail> banned by fail2ban
Brute-Force
Web App Attack
๐ฒ๐ฝ
octageeks.com
2026-06-26 04:11:18
(2 weeks ago)
Wordpress malicious attack:[octamissingdomain]
Web App Attack
๐บ๐ธ
mnsf
2026-06-25 21:28:50
(2 weeks ago)
Too many Status 40X (11)
Brute-Force
Web App Attack
Anonymous
2026-06-25 11:37:29
(2 weeks ago)
104.199.8.224 - - [25/Jun/2026:13:37:28 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 280 " ...
show more
104.199.8.224 - - [25/Jun/2026:13:37:28 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 280 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.199.8.224 - - [25/Jun/2026:13:37:28 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.199.8.224 - - [25/Jun/2026:13:37:29 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.199.8.224 - - [25/Jun/2026:13:37:29 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 280 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.199.8.224 - - [25/Jun/2026:13:37:29 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 441 "-" "Mo
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 11:26:51
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 104.199.8.224 (224.8.199.104.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 104.199.8.224 (224.8.199.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 07:26:44.922563 2026] [security2:error] [pid 6770:tid 6770] [client 104.199.8.224:55404] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||louisafctravel.cathrynn.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "louisafctravel.cathrynn.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "aj0QdMzvORz4h606yecvTwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-25 11:23:35
(2 weeks ago)
[redacted] 104.199.8.224 - - [25/Jun/2026:13:23:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "M ...
show more
[redacted] 104.199.8.224 - - [25/Jun/2026:13:23:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 104.199.8.224 - - [25/Jun/2026:13:23:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 104.199.8.224 - - [25/Jun/2026:13:23:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 104.199.8.224 - - [25/Jun/2026:13:23:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 104.199.8.224 - - [25/Jun/2026:13:23:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows N
...
show less
Hacking
Web App Attack
๐ฉ๐ช
tinect
2026-06-25 11:13:16
(2 weeks ago)
This IP was detected by CrowdSec triggering tinect/http-sensitive-file-probe
Web App Attack
๐ณ๐ฟ
Antinson
2026-06-25 11:10:39
(2 weeks ago)
Scraping with a high error ratio and request rate
Bad Web Bot
Anonymous
2026-06-25 11:05:04
(2 weeks ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /xmlrpc.php?rsd HTTP/1.1, GET ...
show more
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /xmlrpc.php?rsd HTTP/1.1, GET /wp-json/wp/v2/users/ HTTP/1.1, GET /wp-includes/ID3/license.txt HTTP/1.1, GET /wp-json/oembed/1.0/embed?url=http://lisadebree.nl HTTP/1.1, GET /?author=1 HTTP/1.1
show less
Hacking
Web App Attack
๐ฎ๐ช
Jim Keir
2026-06-25 10:57:48
(2 weeks ago)
2026-06-25 10:57:48 104.199.8.224 File scanning, blocking 104.199.8.224 for 5 minutes
Web App Attack
๐ซ๐ท
dynamix
2026-06-25 10:47:34
(2 weeks ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-25 10:46:56
(2 weeks ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ง๐ช
cmbplf
2026-06-25 10:39:59
(2 weeks ago)
636 requests with url.path */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot
๐ฎ๐น
VHosting
2026-06-25 10:35:10
(2 weeks ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ซ๐ท
largo-it.net
2026-06-25 10:34:11
(2 weeks ago)
Jun 25 12:34:10 vps-9f3cdc33 haproxy[890185]: 104.199.8.224:54102 [25/Jun/2026:12:34:10.445] www_fro ...
show more
Jun 25 12:34:10 vps-9f3cdc33 haproxy[890185]: 104.199.8.224:54102 [25/Jun/2026:12:34:10.445] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/50/61 404 3252 - - ---- 49/16/0/0/0 0/0 "GET //wp-includes/ID3/license.txt HTTP/1.1"
Jun 25 12:34:10 vps-9f3cdc33 haproxy[890185]: 104.199.8.224:54102 [25/Jun/2026:12:34:10.506] www_frontend~ finance_cluster/finance1_test1_https 16/0/11/41/68 404 3151 - - ---- 49/16/0/0/0 0/0 "GET //feed/ HTTP/1.1"
Jun 25 12:34:10 vps-9f3cdc33 haproxy[890185]: 104.199.8.224:54102 [25/Jun/2026:12:34:10.574] www_frontend~ finance_cluster/finance1_test1_https 12/0/10/39/61 404 3151 - - ---- 49/16/0/0/0 0/0 "GET //xmlrpc.php?rsd HTTP/1.1"
Jun 25 12:34:10 vps-9f3cdc33 haproxy[890185]: 104.199.8.224:54102 [25/Jun/2026:12:34:10.636] www_frontend~ finance_cluster/finance1_test1_https 18/0/10/42/70 404 3151 - - ---- 49/16/0/0/0 0/0 "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1"
Jun 25 12:34:10 vps-9f3cdc33 haproxy[890185]: 104.199.8.224:54102 [25/Jun/2026:12:3
...
show less
Hacking
Bad Web Bot
Web App Attack