๐ฌ๐ท
setupgr
2026-07-06 21:00:22
(3 hours ago)
(wplogin_block) Blocked WP-Login Access Attempt 185.228.3.27 (PT/Portugal/Lisbon/Lisbon/-/[AS206092 ...
show more
(wplogin_block) Blocked WP-Login Access Attempt 185.228.3.27 (PT/Portugal/Lisbon/Lisbon/-/[AS206092 SECFIREWALLAS]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 185.228.3.27 - - [06/Jul/2026:23:57:00 +0300] "GET /wp-login.php HTTP/1.1" 301 297 "-" "python-requests/2.28.2"
show less
Port Scan
๐ฑ๐ป
garmtech.com
2026-04-22 19:01:36
(2 months ago)
IM360 WAF: Laravel .env file access
Web App Attack
๐ฉ๐ช
EGP Abuse Dept
2026-04-19 15:08:00
(2 months ago)
Scanning for web/db/file exploits on www.enginears.nl
SQL Injection
Bad Web Bot
Web App Attack
๐บ๐ธ
myagent.site
2026-03-28 08:40:08
(3 months ago)
Blocking for trying to access an exploit file: //xmlrpc.php?rsd
Hacking
๐จ๐ฆ
Mediashaker
2026-03-27 19:29:04
(3 months ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 185.228.3.27 (PT/Portuga ...
show more
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 185.228.3.27 (PT/Portugal/-)
show less
Port Scan
๐ฉ๐ช
AetherFox
2026-03-27 10:53:01
(3 months ago)
[Fri Mar 27 10:53:01.085555 2026] [authz_core:error] [pid 500189:tid 500209] [client 185.228.3.27:57 ...
show more
[Fri Mar 27 10:53:01.085555 2026] [authz_core:error] [pid 500189:tid 500209] [client 185.228.3.27:57691] AH01630: client denied by server configuration: proxy:http://5.75.191.34/mah.php
[Fri Mar 27 10:53:01.085759 2026] [authz_core:error] [pid 500189:tid 500209] [client 185.228.3.27:57691] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html
[Fri Mar 27 10:53:01.171765 2026] [authz_core:error] [pid 500189:tid 500233] [client 185.228.3.27:57691] AH01630: client denied by server configuration: proxy:http://5.75.191.34/.wp/wso.php
[Fri Mar 27 10:53:01.171974 2026] [authz_core:error] [pid 500189:tid 500233] [client 185.228.3.27:57691] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html
[Fri Mar 27 10:53:01.265789 2026] [authz_core:error] [pid 500189:tid 500212] [client 185.228.3.27:57691] AH01630: client denied by server configuration: proxy:http://5.75.191.34/core.php
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
octageeks.com
2026-03-27 04:12:07
(3 months ago)
Wordpress malicious attack:[octawpauthor]
Web App Attack
๐ฉ๐ช
SCHAPPY
2026-03-25 07:14:17
(3 months ago)
Brute-force attack to identify web exploits
Brute-Force
Web App Attack
๐ณ๐ฑ
EGP Abuse Dept
2026-03-25 06:59:14
(3 months ago)
Scanning for web/db/file exploits on www.koopman-optiek.nl
SQL Injection
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-03-24 05:30:25
(3 months ago)
251 requests with url.path */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot
๐บ๐ธ
ambor
2026-03-21 17:29:07
(3 months ago)
Honeypot access: PHP file scan attempt: //wp-includes/id3/license.txt/xmlrpc.php. Path: //wp-include ...
show more
Honeypot access: PHP file scan attempt: //wp-includes/id3/license.txt/xmlrpc.php. Path: //wp-includes/id3/license.txt/xmlrpc.php
show less
Web App Attack
๐ณ๐ฑ
Savvii
2026-03-19 06:23:18
(3 months ago)
10 attempts against mh-misc-ban on hydra
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-16 09:40:19
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 185.228.3.27 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 185.228.3.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 05:40:11.658798 2026] [security2:error] [pid 16534:tid 16534] [client 185.228.3.27:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ccamp.dev"] [uri "/back/sftp-config.json"] [unique_id "abfP-4Z3DAGoNqY3sk1DFwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-15 14:16:08
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 185.228.3.27 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 185.228.3.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 10:16:01.301205 2026] [security2:error] [pid 18144:tid 18144] [client 185.228.3.27:56013] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pcga.golf|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/backups/mysql.sql"] [unique_id "aba_IRXJBdsTg3Fg18W8XQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
gnom4ik
2026-02-21 07:36:19
(4 months ago)
ban-reviewer auto report; ip=185.228.3.27; scenario=http:scan; verdict=valid_ban; confidence=0.85; c ...
show more
ban-reviewer auto report; ip=185.228.3.27; scenario=http:scan; verdict=valid_ban; confidence=0.85; categories=14,15,22; active_decisions=1; lookback_decisions=1; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=IP flagged for HTTP scanning activity (scenario: http:scan); AbuseIPDB category 14 (Port Scan) is applicable; AbuseIPDB category 15 (Hacking) is applicable; AbuseIPDB category 22 (SSH) is applicable
show less
Port Scan
Hacking
SSH