๐ซ๐ท
dynamix
2026-07-06 17:56:21
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-06 17:51:27
(1 week ago)
CrowdSec: lrob/wp-xmlrpc-bf | req: ["/xmlrpc.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...
show more
CrowdSec: lrob/wp-xmlrpc-bf | req: ["/xmlrpc.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"]
show less
Brute-Force
Web App Attack
๐ฌ๐ง
consul.to
2026-06-04 14:51:21
(1 month ago)
Web attack/malicious scanning detected
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-05-05 22:34:41
(2 months ago)
Brute-Force
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-05-04 22:28:29
(2 months ago)
Brute-Force
Web App Attack
๐ซ๐ฎ
Rexikon
2026-05-04 17:56:19
(2 months ago)
188.212.135.162 - - [04/May/2026:19:56:15 +0200] "POST /wp-login.php HTTP/1.0" 200 14211 "https://an ...
show more
188.212.135.162 - - [04/May/2026:19:56:15 +0200] "POST /wp-login.php HTTP/1.0" 200 14211 "https://anitra.pl/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 OPR/120.0.0.0"
188.212.135.162 - - [04/May/2026:19:56:15 +0200] "POST /wp-login.php HTTP/1.0" 200 14211 "https://anitra.pl/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36"
188.212.135.162 - - [04/May/2026:19:56:16 +0200] "POST /wp-login.php HTTP/1.0" 200 14211 "https://anitra.pl/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.3124.85"
188.212.135.162 - - [04/May/2026:19:56:17 +0200] "POST /wp-login.php HTTP/1.0" 200 14211 "https://anitra.pl/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139
...
show less
Brute-Force
๐ซ๐ฎ
Rexikon
2026-05-04 15:50:12
(2 months ago)
188.212.135.162 - - [04/May/2026:17:50:11 +0200] "POST /wp-login.php HTTP/1.0" 200 15967 "https://pa ...
show more
188.212.135.162 - - [04/May/2026:17:50:11 +0200] "POST /wp-login.php HTTP/1.0" 200 15967 "https://paramedic24.pl/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.3124.85"
188.212.135.162 - - [04/May/2026:17:50:11 +0200] "POST /wp-login.php HTTP/1.0" 200 15967 "https://paramedic24.pl/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 OPR/120.0.0.0"
188.212.135.162 - - [04/May/2026:17:50:11 +0200] "POST /wp-login.php HTTP/1.0" 200 15967 "https://paramedic24.pl/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.3124.85"
188.212.135.162 - - [04/May/2026:17:50:11 +0200] "POST /wp-login.php HTTP/1.0" 200 15967 "https://paramedic24.pl/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
...
show less
Brute-Force
๐บ๐ธ
mnsf
2026-05-04 15:05:45
(2 months ago)
Login Too Frequent (9)
Brute-Force
Web App Attack
๐ซ๐ฎ
Rexikon
2026-05-04 12:46:06
(2 months ago)
188.212.135.162 - - [04/May/2026:14:46:04 +0200] "POST /wp-login.php HTTP/1.0" 200 14548 "https://fa ...
show more
188.212.135.162 - - [04/May/2026:14:46:04 +0200] "POST /wp-login.php HTTP/1.0" 200 14548 "https://faid.com.pl/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 OPR/120.0.0.0"
188.212.135.162 - - [04/May/2026:14:46:04 +0200] "POST /wp-login.php HTTP/1.0" 200 14548 "https://faid.com.pl/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 OPR/120.0.0.0"
188.212.135.162 - - [04/May/2026:14:46:05 +0200] "POST /wp-login.php HTTP/1.0" 200 14548 "https://faid.com.pl/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"
188.212.135.162 - - [04/May/2026:14:46:05 +0200] "POST /wp-login.php HTTP/1.0" 200 14548 "https://faid.com.pl/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36"
188.212.135.162 - - [04/
...
show less
Brute-Force
๐ซ๐ท
dynamix
2026-05-04 04:27:43
(2 months ago)
Multiple WAF Violations
Web App Attack
๐ซ๐ฎ
as211431.net
2026-05-03 06:25:27
(2 months ago)
Triggered Cloudflare WAF (firewallCustom) from PL.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show more
Triggered Cloudflare WAF (firewallCustom) from PL.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp-links.php
UA: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ณ๐ฑ
Site.eu
2026-04-28 08:57:43
(2 months ago)
Excessive 404/403 errors
Brute-Force
๐ซ๐ท
Baking333
2026-04-16 22:21:50
(3 months ago)
[redacted] 188.212.135.162 - - [16/Apr/2026:23:21:48 +0100] "GET //wordpress/ HTTP/1.1" 301 4354 0/3 ...
show more
[redacted] 188.212.135.162 - - [16/Apr/2026:23:21:48 +0100] "GET //wordpress/ HTTP/1.1" 301 4354 0/332 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.3124.85" [redacted] 188.212.135.162 - - [16/Apr/2026:23:21:49 +0100] "GET /wordpress HTTP/1.1" 302 1574 0/198034 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.3124.85"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-24 22:55:21
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 188.212.135.162 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 188.212.135.162 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 24 18:55:15.882141 2026] [security2:error] [pid 2254:tid 2254] [client 188.212.135.162:52297] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoinsquaretrader.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoinsquaretrader.com"] [uri "/bak/mysql.sql"] [unique_id "acMWUxtVLdpJ1oHRCzARmwAAADI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
r3versedk
2026-03-22 10:10:10
(3 months ago)
๐ก๏ธ Automated Threat Report from maxjensen.dk
๐ฏ Attack Type: Botnet Fingerprint
๐จ Severity: CRITICAL ...
show more
๐ก๏ธ Automated Threat Report from maxjensen.dk
๐ฏ Attack Type: Botnet Fingerprint
๐จ Severity: CRITICAL
๐ Threat Score: 95/100
๐ Total Attacks: 420 (database verified, seen over today)
๐ Peak Score: 95/100
๐ฏ Common Types: Botnet Fingerprint(1x)
๐ Fingerprint: 9f96b00ce11bc787
๐ค AI/ML: ๐ค Multi-Model Consensus (neural-network, q-learning, gpt) - ๐ง NN (55%): block (99.8%) | ๐ฎ QL (23%): block (75.0%) | ๐ค Claude (23%): monitor (70.0%) | โ๏ธ dynamic+boosted weights...
Detected: 2026-03-22T10:10:10.769Z
show less
Bad Web Bot