๐ซ๐ท
Sklurk
2026-06-20 02:07:08
(1 week ago)
Web App Attack
Web App Attack
๐ฉ๐ช
strxmpp
2026-06-15 01:01:50
(2 weeks ago)
104.207.38.118 - - [15/Jun/2026:03:01:47 +0200] "GET /wp-sitemap.xml HTTP/1.1" 302 5510 "-" "Mozilla ...
show more
104.207.38.118 - - [15/Jun/2026:03:01:47 +0200] "GET /wp-sitemap.xml HTTP/1.1" 302 5510 "-" "Mozilla/5.0"
...
show less
Bad Web Bot
๐ฆ๐บ
RedBear IT
2026-03-26 10:00:37
(3 months ago)
"DDoS against public endpoint"
DDoS Attack
๐บ๐ธ
TPI-Abuse
2025-12-28 02:32:20
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 21:32:14.087089 2025] [security2:error] [pid 2878:tid 2878] [client 104.207.38.118:19741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "canfieldnyc.com"] [uri "/.env"] [unique_id "aVCWrjg_K5roNpCTd-f8hwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-27 23:19:12
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 18:19:05.401364 2025] [security2:error] [pid 4906:tid 4906] [client 104.207.38.118:11069] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haroturkiye.com"] [uri "/.svn/wc.db"] [unique_id "aVBpaZU3WhQFU0THS3qeSwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-27 21:16:04
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:15:55.603567 2025] [security2:error] [pid 16010:tid 16019] [client 104.207.38.118:30737] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arizonasolutionsgroup.com"] [uri "/.git/HEAD"] [unique_id "aVBMi91O7Na7SFTUCFtGcwAAAIU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
2000cn.com.au
2025-12-27 19:02:17
(6 months ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-27 17:51:45
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 12:51:41.474922 2025] [security2:error] [pid 12364:tid 12364] [client 104.207.38.118:32709] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kbalan.com"] [uri "/.svn/wc.db"] [unique_id "aVAcrWPO87ghFU_PK_pi7gAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-27 17:00:12
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 12:00:06.849222 2025] [security2:error] [pid 3168:tid 3168] [client 104.207.38.118:23345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dianedanielsmanning.com"] [uri "/.git/HEAD"] [unique_id "aVAQlqFytq1UFtrRZLCMQwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-12-27 13:18:34
(6 months ago)
Fuzzing/Looking for credentials files.
Brute-Force
Web App Attack
Anonymous
2025-11-14 16:41:04
(7 months ago)
This IP was involved in a brute force and password spray attack.
Brute-Force
Web App Attack
Anonymous
2025-11-01 22:09:13
(7 months ago)
[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:01 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" " ...
show more
[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:01 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:03 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461; .NET CLR 1.1.4322)"
[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:05 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Safari/604.1.38"
[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:06 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"
[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:07 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; S
...
show less
Hacking
Web App Attack
๐ซ๐ท
applemooz
2025-11-01 11:58:33
(7 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
Anonymous
2025-10-30 14:03:33
(7 months ago)
WordPress Brute Force
Brute-Force
Anonymous
2025-10-18 03:36:11
(8 months ago)
This IP was involved in a brute force and password spray attack.
Brute-Force
Web App Attack