๐ซ๐ท
mrcrassi
2026-06-30 16:38:27
(2 hours ago)
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/1.1 (POST meth ...
show more
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
Protocol: HTTP/1.1 (POST method)
Endpoint: /wp-login.php
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2026-06-30 14:18:05
(5 hours ago)
161.118.221.77 - - [30/Jun/2026:11:18:02 -0300] "GET /wp-login.php HTTP/1.1" 301 162 "-" "Mozilla/5. ...
show more
161.118.221.77 - - [30/Jun/2026:11:18:02 -0300] "GET /wp-login.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15"
161.118.221.77 - - [30/Jun/2026:11:18:03 -0300] "GET /wp-login.php HTTP/1.1" 404 826 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15"
161.118.221.77 - - [30/Jun/2026:11:18:03 -0300] "GET /wp-admin/ HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Safari/605.1.15"
...
show less
Port Scan
Anonymous
2026-06-30 10:51:00
(8 hours ago)
CMS (WordPress or Joomla) brute force attempt.
Brute-Force
๐บ๐ธ
paulo.apoloni
2026-06-30 07:48:12
(11 hours ago)
161.118.221.77 - - [30/Jun/2026:04:47:58 -0300] "GET /wp-login.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 ...
show more
161.118.221.77 - - [30/Jun/2026:04:47:58 -0300] "GET /wp-login.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
161.118.221.77 - - [30/Jun/2026:04:47:59 -0300] "GET /wp-admin/ HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"
161.118.221.77 - - [30/Jun/2026:04:48:06 -0300] "GET /wp-admin/admin-ajax.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
161.118.221.77 - - [30/Jun/2026:04:48:07 -0300] "GET /wp-admin/load-scripts.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36"
161.118.221.77 - - [30/Jun/2026:04:48:08 -0300] "GET /wp-admin/load-styles.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
...
show less
Bad Web Bot
Web App Attack
๐ง๐ท
vfAcceloReporter
2026-06-30 04:40:19
(14 hours ago)
161.118.221.77 - - [30/Jun/2026:01:40:04 -0300] "GET /wp-admin/admin-ajax.php HTTP/1.1" 500 579 "-" ...
show more
161.118.221.77 - - [30/Jun/2026:01:40:04 -0300] "GET /wp-admin/admin-ajax.php HTTP/1.1" 500 579 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
161.118.221.77 - - [30/Jun/2026:01:40:05 -0300] "GET /wp-admin/load-scripts.php HTTP/1.1" 500 177 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15"
161.118.221.77 - - [30/Jun/2026:01:40:07 -0300] "GET /wp-admin/load-styles.php HTTP/1.1" 500 177 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"
161.118.221.77 - - [30/Jun/2026:01:40:17 -0300] "GET /wp-includes/version.php HTTP/1.1" 500 177 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"
161.118.221.77 - - [30/Jun/2026:01:40:19 -0300] "GET /wp-includes/functions.php HTTP/1.1" 500 579 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/
...
show less
Brute-Force
Web App Attack
Exploited Host
๐ง๐ท
Peregrine
2026-06-30 03:11:44
(16 hours ago)
Fail2Ban ct101 Jail: tomcat-404 | Evidence: 161.118.221.77 162.158.190.3 - - [29/Jun/2026:23:05:46 - ...
show more
Fail2Ban ct101 Jail: tomcat-404 | Evidence: 161.118.221.77 162.158.190.3 - - [29/Jun/2026:23:05:46 -0300] "GET /wp-admin/load-scripts.php HTTP/1.1" 404 18149
161.118.221.77 162.158.189.75 - - [29/Jun/2026:23:05:46 -0300] "GET /wp-admin/load-styles.php HTTP/1.1" 404 18149
161.118.221.77 172.71.124.124 - - [29/Jun/2026:23:05:47 -0300] "GET /wp-includes/js/jquery/jquery.js HTTP/1.1" 404 18149
161.118.221.77 172.70.93.9 - - [29/Jun/2026:23:05:48 -0300] "GET /wp-includes/css/dashicons.css HTTP/1.1" 404 18149
161.118.221.77 162.158.190.3 - - [29/Jun/2026:23:05:49 -0300] "GET /wp-content/themes/ HTTP/1.1" 404 18149
show less
Bad Web Bot
Web App Attack
๐ง๐ท
Peregrine
2026-06-30 02:05:47
(17 hours ago)
Fail2Ban ct101 Jail: tomcat-honeypot | Evidence: 161.118.221.77 162.158.190.3 - - [29/Jun/2026:23:05 ...
show more
Fail2Ban ct101 Jail: tomcat-honeypot | Evidence: 161.118.221.77 162.158.190.3 - - [29/Jun/2026:23:05:43 -0300] "GET /wp-login.php HTTP/1.1" 404 18193
show less
Bad Web Bot
๐ซ๐ท
SpaceHost-Server
2026-06-29 22:29:25
(20 hours ago)
Brute-Force
Web App Attack
Anonymous
2026-06-29 20:27:02
(22 hours ago)
2026/06/29 16:26:57 [error] 1401#0: *4845 "/var/www/htdocs/wp-admin/index.html" is not found (2: No ...
show more
2026/06/29 16:26:57 [error] 1401#0: *4845 "/var/www/htdocs/wp-admin/index.html" is not found (2: No such file or directory), client: 161.118.221.77, server: www.hquest.pro.br, request: "GET /wp-admin/ HTTP/1.1", host: "hquest.pro.br"
2026/06/29 16:26:58 [error] 1401#0: *4845 open() "/var/www/htdocs/wp-includes/js/jquery/jquery.js" failed (2: No such file or directory), client: 161.118.221.77, server: www.hquest.pro.br, request: "GET /wp-includes/js/jquery/jquery.js HTTP/1.1", host: "hquest.pro.br"
2026/06/29 16:26:58 [error] 1401#0: *4845 open() "/var/www/htdocs/wp-includes/css/dashicons.css" failed (2: No such file or directory), client: 161.118.221.77, server: www.hquest.pro.br, request: "GET /wp-includes/css/dashicons.css HTTP/1.1", host: "hquest.pro.br"
...
show less
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-06-29 19:07:24
(1 day ago)
Web attack/malicious scanning detected
Web App Attack
๐บ๐ธ
agenciahypelab.com.br
2026-06-29 19:04:55
(1 day ago)
WordPress login brute-force detectado e bloqueado pelo CSF/LFD. Trigger: LF_TRIGGER
Brute-Force
SSH
๐บ๐ธ
Penny Packer
2026-06-29 12:32:23
(1 day ago)
Fail2Ban apache-tripwires
Web App Attack
๐ซ๐ฎ
oh.mg
2026-06-29 11:59:07
(1 day ago)
[Mon Jun 29 13:58:50.978117 2026] [security2:error] [pid 1652414:tid 1652418] [client 161.118.221.77 ...
show more
[Mon Jun 29 13:58:50.978117 2026] [security2:error] [pid 1652414:tid 1652418] [client 161.118.221.77:0] [client 161.118.221.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "mmn.eco"] [uri "/wp-login.php"] [unique_id "akJd-pfrS3fEJKdT2Q2e2AAAAIE"]
[Mon Jun 29 13:59:07.504940 2026] [security2:error] [pid 1652414:tid 1652436] [client 161.118.221.77:0] [client 161.118.221.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "an
...
show less
Web App Attack
Bad Web Bot
๐ฉ๐ช
Ba-Yu
2026-06-29 04:21:17
(1 day ago)
WordPress bruteforce
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
๐ฉ๐ช
F242
2026-06-29 02:12:28
(1 day ago)
Wordpress Login or XMLRPC abuse
Web App Attack