๐บ๐ธ
integrantservices.com
2026-07-11 07:12:35
(45 minutes ago)
(wordpress) Failed wordpress login from 185.237.125.120 (DK/Denmark/web02.simpleagencygroup.dk)
Brute-Force
๐ฒ๐น
Malta
2026-07-11 06:23:23
(1 hour ago)
185.237.125.120 - - [11/Jul/2026:08:23:23 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ...
show more
185.237.125.120 - - [11/Jul/2026:08:23:23 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
Anonymous
2026-07-11 01:07:20
(6 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 00:51:54
(7 hours ago)
(mod_security) mod_security (id:225170) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 20:51:45.864497 2026] [security2:error] [pid 3570163:tid 3570163] [client 185.237.125.120:33472] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||krystalsgiftshopandboutique.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "krystalsgiftshopandboutique.net"] [uri "/wp-json/wp/v2/users/me"] [unique_id "alGToRyBmy6C4J7CqOiuPQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐ด
SpamStopper
2026-07-11 00:19:38
(7 hours ago)
Fail2Ban - WP Spoofing
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 15:33:54
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 11:33:46.730484 2026] [security2:error] [pid 11368:tid 11368] [client 185.237.125.120:53556] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||realdesigninterior.com|F|4"] [data "keep-alive, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "realdesigninterior.com"] [uri "/wp-json/wp/v2/posts"] [unique_id "ak-_WoOItW3MPkqV9_6qfQAAAA4"], referer: https://realdesigninterior.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 14:59:42
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 10:59:39.453224 2026] [security2:error] [pid 19040:tid 19040] [client 185.237.125.120:46956] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||casadelsolmexico.net|F|4"] [data "keep-alive, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "casadelsolmexico.net"] [uri "/wp-sitemap.xml"] [unique_id "ak-3W9oU9xCNZrs5QPdtfwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 12:50:28
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 08:50:23.478641 2026] [security2:error] [pid 6593:tid 6593] [client 185.237.125.120:50008] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||nivotrol.innovacionesnimba.com|F|4"] [data "keep-alive, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "nivotrol.innovacionesnimba.com"] [uri "/wp-sitemap-users-1.xml"] [unique_id "ak-ZD1-LTrqJWYEB0gTmjQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 12:33:27
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 08:33:22.035736 2026] [security2:error] [pid 28590:tid 28590] [client 185.237.125.120:57770] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||uphillfarmvt.com|F|4"] [data "keep-alive, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "uphillfarmvt.com"] [uri "/wp-json/wp/v2/users/10"] [unique_id "ak-VEn6Kr_HD9imv0IO7IAAAAAU"], referer: https://uphillfarmvt.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 12:09:41
(1 day ago)
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:210350) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 08:09:34.600689 2026] [security2:error] [pid 17184:tid 17229] [client 185.237.125.120:58758] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||conservativelabor.com|F|4"] [data "keep-alive, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "conservativelabor.com"] [uri "/feed/"] [unique_id "ak-PfuXYIxB8v2RRTA8ZaQAAAQs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-09 07:33:49
(2 days ago)
[ThuJul0909:33:43.6503702026][security2:error][pid3820771:tid3820864][client185.237.125.120:0]ModSec ...
show more
[ThuJul0909:33:43.6503702026][security2:error][pid3820771:tid3820864][client185.237.125.120:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ipv6.gmint.ch\"][uri\"/xmlrpc.php\"][unique_id\"ak9O1xer1vMzbKudn7ySqwAAAMI\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 07:22:57
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 185.237.125.120 (web02.simpleagencygroup.dk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 03:22:50.095409 2026] [security2:error] [pid 7089:tid 7089] [client 185.237.125.120:36016] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||stansbracelets.com.lahamradio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stansbracelets.com.lahamradio.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ak9MSrXQ9E1nvr6rd_oxFgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-09 01:27:43
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 257
Exploited Host
Web App Attack
๐ฌ๐ท
setupgr
2026-07-08 23:57:41
(2 days ago)
(wplogin_block) Blocked WP-Login Access Attempt 185.237.125.120 (DK/Denmark/Capital Region/Herlev/-/ ...
show more
(wplogin_block) Blocked WP-Login Access Attempt 185.237.125.120 (DK/Denmark/Capital Region/Herlev/-/[AS210939 PROCOPA]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 185.237.125.120 - - [09/Jul/2026:02:52:41 +0300] "GET /wp-login.php HTTP/2.0" 200 5191 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36"
show less
Port Scan
๐จ๐ฟ
ptlab
2026-07-08 12:45:33
(2 days ago)
Detected wp_login attack from WP-host.
Hacking
Web App Attack